Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1899

CWE-119 — Buffer Overflow4 documents4 sources

Severity

4.3MEDIUM

EPSS

86.0%

top 0.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedSep 15

Latest updateMay 13

Description

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_services7.5

▶NVDmicrosoft/internet_information_server6.0

🔴Vulnerability Details

GHSA

GHSA-74ch-7c47-jp63: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5↗2022-05-13

▶

CVEList

CVE-2010-1899: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5↗2010-09-15

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)↗2010-10-01

▶