| Revision Date: | 2011-02-21 | Version: | 21 |
| Title: | Denial of service via FTP status request |
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2002-0073
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows NT
Microsoft Windows XP
| Product(s): | Microsoft Internet Information Server (IIS)
|
| Definition Synopsis |
| vulnerable IIS 4.0 on Windows NT Microsoft Windows NT is installed
AND Microsoft IIS 4.0 is installed
AND the version of w3svc.dll is less than 4.2.775.1
AND FTP Enabled
OR vulnerable IIS 5.0 on Windows 2000
Microsoft Windows 2000 is installed
AND Microsoft IIS 5.0 is installed
AND the version of w3svc.dll is less than 5.0.2195.5269
AND FTP Enabled
OR vulnerable IIS 5.1 on Windows XP
Microsoft Windows XP is installed
AND Microsoft IIS 5.1 is installed
AND the version of w3svc.dll is less than 5.1.2600.41
AND FTP Enabled
|