Vulnerability Name:

CVE-2001-0146 (CCN-6171)

Assigned:2001-03-01
Published:2001-03-01
Updated:2020-04-02
Summary:IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2001-0146

Source: CCN
Type: CIAC Information Bulletin L-054
Microsoft IIS and Exchange Malformed URL Denial of Service

Source: CCN
Type: eSO Security Advisory: 3401
Microsoft Internet Information Server / Exchange 2000 invalid request denial of service vulnerability

Source: CCN
Type: US-CERT VU#796584
Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#796584

Source: CCN
Type: Microsoft Security Bulletin MS01-014
Malformed URL can cause Service Failure in IIS 5.0 and Exchange 2000

Source: CCN
Type: Microsoft Security Bulletin MS01-016
Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources

Source: BID
Type: Third Party Advisory, VDB Entry
2440

Source: CCN
Type: BID-2440
Microsoft IIS Multiple Invalid URL Request DoS Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
2441

Source: CCN
Type: BID-2441
Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability

Source: MS
Type: Patch, Vendor Advisory
MS01-014

Source: XF
Type: UNKNOWN
iis-malformed-url-dos(6171)

Source: XF
Type: VDB Entry
iis-malformed-url-dos(6171)

Source: XF
Type: VDB Entry
exchange-malformed-url-dos(6172)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2001-0146 (CCN-6172)

    Assigned:2001-03-01
    Published:2001-03-01
    Updated:2018-10-30
    Summary:IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2001-0146

    Source: CCN
    Type: CIAC Information Bulletin L-054
    Microsoft IIS and Exchange Malformed URL Denial of Service

    Source: CCN
    Type: eSO Security Advisory: 3401
    Microsoft Internet Information Server / Exchange 2000 invalid request denial of service vulnerability

    Source: CCN
    Type: US-CERT VU#796584
    Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)

    Source: CCN
    Type: Microsoft Security Bulletin MS01-014
    Malformed URL can cause Service Failure in IIS 5.0 and Exchange 2000

    Source: CCN
    Type: BID-2440
    Microsoft IIS Multiple Invalid URL Request DoS Vulnerability

    Source: CCN
    Type: BID-2441
    Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability

    Source: XF
    Type: UNKNOWN
    exchange-malformed-url-dos(6172)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:exchange_server:2000:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft exchange server 2000 -
    microsoft internet information services 5.0
    microsoft internet information server 5.0
    microsoft exchange server 2000