| Vulnerability Name: | CVE-2003-0718 (CCN-17645) | ||||||||||||||||
| Assigned: | 2003-09-02 | ||||||||||||||||
| Published: | 2004-10-12 | ||||||||||||||||
| Updated: | 2020-11-23 | ||||||||||||||||
| Summary: | The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | ||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Oct 12 2004 - 13:31:28 CDT Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS Source: MITRE Type: CNA CVE-2003-0718 Source: BUGTRAQ Type: UNKNOWN 20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS Source: CCN Type: Microsoft Security Bulletin MS04-030 Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151) Source: CCN Type: BID-11384 Microsoft XML Parser Remote Denial of Service Vulnerability Source: MS Type: UNKNOWN MS04-030 Source: XF Type: UNKNOWN iis-webdav-xml-attribute-dos(17645) Source: XF Type: UNKNOWN iis-webdav-xml-attribute-dos(17645) Source: XF Type: UNKNOWN iis-ms04030-patch(17656) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1330 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1427 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4767 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||