Oval Definition:oval:org.mitre.oval:def:12490
Revision Date:2011-02-21Version:21
Title:Denial of service via FTP status request
Description:The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0073
Platform(s):Microsoft Windows 2000
Microsoft Windows NT
Microsoft Windows XP
Product(s):Microsoft Internet Information Server (IIS)
Definition Synopsis
  • vulnerable IIS 4.0 on Windows NT
  • Microsoft Windows NT is installed
  • AND Microsoft IIS 4.0 is installed
  • AND the version of w3svc.dll is less than 4.2.775.1
  • AND FTP Enabled
  • OR vulnerable IIS 5.0 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND Microsoft IIS 5.0 is installed
  • AND the version of w3svc.dll is less than 5.0.2195.5269
  • AND FTP Enabled
  • OR vulnerable IIS 5.1 on Windows XP
  • Microsoft Windows XP is installed
  • AND Microsoft IIS 5.1 is installed
  • AND the version of w3svc.dll is less than 5.1.2600.41
  • AND FTP Enabled
  • BACK