IIS 5.0 WebDav Memory Leakage Network Vulnerability

Summary

The WebDav extensions (httpext.dll) for Internet Information Server 5.0 contains a flaw that may allow a malicious user to consume all available memory on the target server by sending many requests using the LOCK method associated to a non existing filename. This concern not only IIS but the entire system since the flaw can potentially exhausts all system memory available. Vulnerable systems: IIS 5.0 ( httpext.dll versions prior to 0.9.3940.21 ) Immune systems: IIS 5 SP2( httpext.dll version 0.9.3940.21)

Solution

Download Service Pack 2/hotfixes from Microsoft web at http://windowsupdate.microsoft.com

Severity

Classification

CVE CVE-2001-0337

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)
Ciscokits TFTP Server Long Filename Denial Of Service Vulnerability
eZ/eZphotoshare Denial of Service
BadBlue invalid GET DoS
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities