CVE-2001-0083
published 2001-02-12CVE-2001-0083: Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
17.34%
96.7th percentile
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_media_services | — | — |
| microsoft | windows_media_services | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v64h-8rq4-grgg: Windows Media Unicast Service in Windows Media Services 4
ghsa_unreviewed·2022-04-30
CVE-2001-0083 [MEDIUM] GHSA-v64h-8rq4-grgg: Windows Media Unicast Service in Windows Media Services 4
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
Red Hat
httpd: log files contain information directly supplied by clients and does not filter or quote control characters
vendor_redhat·2001-12-31·CVSS 5.0
CVE-2001-1556 [MEDIUM] CWE-532 httpd: log files contain information directly supplied by clients and does not filter or quote control characters
httpd: log files contain information directly supplied by clients and does not filter or quote control characters
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
Statement: This is a duplicate CVE name and is a combination of CVE-2003-0020 and CVE-2003-0083.
Package: httpd (Red Hat Enterprise Linux 5) - Not affected
Package: httpd (Red Hat Enterprise Linux 6) - Not affected
Package: httpd (Red Hat Enterprise Linux 7) - Not affected
Package: httpd:2.4/httpd (Red Hat Enterprise Linux 8) - Not affected
Package: httpd (Red Hat JBoss Core Services) -
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ281256https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-097https://exchange.xforce.ibmcloud.com/vulnerabilities/5785http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ281256https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-097https://exchange.xforce.ibmcloud.com/vulnerabilities/5785
2001-02-12
Published