Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability Network Vulnerability

Summary

This host is running Microsoft FrontPage Server Extensions and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause denial of service conditions. Impact Level: Application

Solution

Upgrade to Microsoft FrontPage 2000 Server Extensions 1.2 or later, For updates refer to http://office.microsoft.com

Insight

The flaw is due to an error in the 'shtml.exe' component, which allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.

Affected

Microsoft FrontPage 2000 Server Extensions 1.1

References

http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html
http://osvdb.org/396
http://www.securiteam.com/windowsntfocus/5NP0N0U2AA.html
http://xforce.iss.net/xforce/xfdb/5124

Updated on 2015-03-25

Severity

Classification

CVE CVE-2000-0709
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

JServ Cross Site Scripting
bozotic HTTP server Denial of Service Vulnerability
IIS IDA/IDQ Path Disclosure
LiteSpeed Web Server Source Code Information Disclosure Vulnerability
IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities

Take action and discover your vulnerabilities