Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1186

4 documents4 sources
Severity
5.0MEDIUM
EPSS
25.2%
top 3.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedDec 11
Latest updateApr 30

Description

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-9wgj-g8wc-6p76: Microsoft IIS 5↗2022-04-30
â–¶
CVEList
CVE-2001-1186: Microsoft IIS 5↗2004-09-01
â–¶

💥Exploits & PoCs

1
Exploit-DB
Microsoft IIS 5.0 - False Content-Length Field Denial of Service↗2001-12-11
â–¶
CVE-2001-1186 (MEDIUM CVSS 5) | Microsoft IIS 5.0 allows remote att | cvebase.io