CVE-2000-0858 — Microsoft Internet Information Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

20.4%

top 4.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Windows NT

Timeline

PublishedNov 14

Latest updateApr 30

Description

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/internet_information_server4.0

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5jwv-6qp2-mgfr: Vulnerability in Microsoft Windows NT 4↗2022-04-30

▶

CVEList

CVE-2000-0858: Vulnerability in Microsoft Windows NT 4↗2001-01-22

▶