Summary
The WebDav extensions (httpext.dll) for Internet Information Server 5.0 contains a flaw that may allow a malicious user to consume all available memory on the target server by sending many requests using the LOCK method associated to a non existing filename.
This concern not only IIS but the entire system since the flaw can potentially exhausts all system memory available.
Vulnerable systems: IIS 5.0 ( httpext.dll versions prior to 0.9.3940.21 )
Immune systems: IIS 5 SP2( httpext.dll version 0.9.3940.21)
Solution
Download Service Pack 2/hotfixes from Microsoft web at http://windowsupdate.microsoft.com
Severity
Classification
-
CVE CVE-2001-0337 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Denial of Service (DoS) in Microsoft SMS Client
- Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
- Comodo Internet Security Denial of Service Vulnerability-01
- ejabberd 'client2server' Message Remote Denial of Service Vulnerability
- Denial of Service vulnerability in AVG Anti-Virus (Linux)