Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0506

4 documents, 4 sources
Severity
7.2 HIGH
EPSS
77.6%
top 1.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Sep 20
Latest update: Apr 30

Description

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-vjg8-57hm-fxmj: Buffer overflow in ssinc (2022-04-30)
CVEList
CVE-2001-0506: Buffer overflow in ssinc (2002-03-09)

💥 Exploits & PoCs

1
Exploit-DB
Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation (2001-08-15)
CVE-2001-0506 (HIGH CVSS 7.2) | Buffer overflow in ssinc.dll in IIS | cvebase.io