Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0231

4 documents4 sources

Severity

5.0MEDIUM

EPSS

29.0%

top 3.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Engine Microsoft SQL Server

Timeline

PublishedAug 27

Latest updateApr 29

Description

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000, 7.0+1

▶NVDmicrosoft/data_engine1.0

🔴Vulnerability Details

GHSA

GHSA-c4q6-6hmw-8vq8: Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a↗2022-04-29

▶

CVEList

CVE-2003-0231: Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a↗2003-07-25

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)↗2003-07-23

▶