CVE-2001-0083

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

5.0MEDIUM

EPSS

19.1%

top 4.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Services

Timeline

PublishedFeb 12

Latest updateApr 30

Description

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_media_services4.0, 4.1+1

🔴Vulnerability Details

GHSA

GHSA-v64h-8rq4-grgg: Windows Media Unicast Service in Windows Media Services 4↗2022-04-30

▶

CVEList

CVE-2001-0083: Windows Media Unicast Service in Windows Media Services 4↗2001-05-07

▶

📋Vendor Advisories

Red Hat

httpd: log files contain information directly supplied by clients and does not filter or quote control characters↗2001-12-31

▶