Vulnerability Name: CVE-2001-0500 (CCN-6705)
Assigned: 2001-06-18
Published: 2001-06-18
Updated: 2018-10-12
Summary: Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
8.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2001-0500
Source: CCN Type: CERT Advisory CA-2001-13 Buffer Overflow In IIS Indexing Service DLL
Source: CERT Type: Exploit, Patch, Third Party Advisory, US Government Resource CA-2001-13
Source: CCN Type: CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
Source: CCN Type: CERT Advisory CA-2001-23 Continued Threat of the "Code Red" Worm
Source: CCN Type: CERT Incident Note IN-2001-09 "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
Source: CCN Type: CIAC Information Bulletin L-098 Microsoft Index Server ISAPI Extension Buffer Overflow
Source: CIAC Type: UNKNOWN L-098
Source: CCN Type: CIAC Information Bulletin L-117 The Code Red Worm
Source: CCN Type: CIAC Information Bulletin L-120 Cisco "Code Red" Worm Impact
Source: CCN Type: Cisco System Field Notice July 20, 2001 "Code Red" Worm - Customer Impact
Source: CCN Type: Cisco Security Notice 2004 March 27 19:30 UTC Exploit for Multiple Cisco Vulnerabilities
Source: CCN Type: eEye Digital Security Team Alert AD20010618 All versions of Microsoft Internet Information Services Remote buffer overflow (SYSTEM Level Access)
Source: XF Type: UNKNOWN iis-isapi-idq-bo(6705)
Source: CCN Type: Internet Security Systems Security Alert #79 Remote IIS Index Server ISAPI Extension Buffer Overflow
Source: CCN Type: Internet Security Systems Security Alert #89 X-Force Response to Concern About the "Code Red" Worm
Source: CCN Type: Internet Security Systems Security Alert #90 Resurgence of "Code Red" Worm Derivatives
Source: CCN Type: US-CERT VU#952336 Microsoft Index Server/Indexing Service used by IIS 4.0/5.0 contains unchecked buffer used when encoding double-byte characters
Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure
Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS
Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733)
Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696)
Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114)
Source: CCN Type: National Infrastructure Protection Center Advisory 01-013 "Buffer Overflow Vulnerability in Microsoft's Internet Information Services (IIS) 4.0 and 5.0"
Source: CCN Type: National Infrastructure Protection Center Advisory 01-015 "Ida Code Red Worm"
Source: BUGTRAQ Type: UNKNOWN 20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
Source: BID Type: UNKNOWN 2880
Source: CCN Type: BID-2880 MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
Source: MS Type: UNKNOWN MS01-033
Source: XF Type: UNKNOWN iis-isapi-idq-bo(6705)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:197
Vulnerable Configuration: Configuration 1: Configuration CCN 1:
Vulnerability Name: CVE-2001-0500 (CCN-6992)
Assigned: 2001-08-06
Published: 2001-08-06
Updated: 2001-08-06
Summary: The Code Red II backdoor, configured on systems infected by the Code Red II worm, is one of many backdoors attackers can use to access your computer system without your knowledge or consent. With the Code Red II backdoor, an attacker can access the victim system through a URL and execute arbitrary commands.
For additional information regarding the "Code Red II" worm, refer to Internet Security Systems Security Alert #90. See References.
CVSS v3 Severity:
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-1999-0660
Source: MITRE Type: CNA CVE-2001-0500
Source: CCN Type: CERT Incident Note IN-2001-09 "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL
Source: CCN Type: CIAC Information Bulletin L-117 The Code Red Worm
Source: CCN Type: CIAC Information Bulletin L-132 Microsoft Cumulative Patch for IIS
Source: CCN Type: Internet Security Systems Security Alert #90 Resurgence of "Code Red" Worm Derivatives
Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure
Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS
Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733)
Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696)
Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114)
Source: CCN Type: Microsoft TechNet Web site Information on the Code Red II worm
Source: CCN Type: National Infrastructure Protection Center Advisory 01-017 "Code Red II"
Source: CCN Type: BID-2880 MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
Source: XF Type: UNKNOWN backdoor-codered2(6992)
Source: CCN Type: Rapid7 Vulnerability and Exploit Database MS01-033 Microsoft IIS 5.0 IDQ Path Overflow
Vulnerable Configuration: Configuration CCN 1: