Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0718

4 documents4 sources

Severity

5.0MEDIUM

EPSS

82.0%

top 0.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedNov 3

Latest updateApr 29

Description

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_services5.0

▶NVDmicrosoft/internet_information_server6.0

🔴Vulnerability Details

GHSA

GHSA-qfq7-2r89-r328: The WebDAV Message Handler for Internet Information Services (IIS) 5↗2022-04-29

▶

CVEList

CVE-2003-0718: The WebDAV Message Handler for Internet Information Services (IIS) 5↗2004-10-16

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS - WebDAV XML Denial of Service (MS04-030)↗2004-10-20

▶