Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0226

5 documents4 sources

Severity

5.0MEDIUM

EPSS

64.8%

top 1.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Services

Timeline

PublishedJun 9

Latest updateApr 29

Description

Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services5.0

Patches

Patch: archives.neohapsis.com ↗Patch: www.spidynamics.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-w93c-g8jh-q2hx: Microsoft Internet Information Services (IIS) 5↗2022-04-29

▶

CVEList

CVE-2003-0226: Microsoft Internet Information Services (IIS) 5↗2003-05-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 5.0 < 5.1 - Remote Denial of Service↗2003-05-31

▶

Exploit-DB

Microsoft IIS 5.0 - WebDAV PROPFIND / SEARCH Method Denial of Service↗2003-05-28

▶