CVE-2001-0151

Internet Information Services 5.0 - Denial of Service via Malformed WebDAV Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0151. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This Perl script exploits a denial-of-service vulnerability in Microsoft IIS 5.0 by sending malformed WebDAV PROPFIND requests with oversized XML payloads. The exploit causes the server to stop responding or restart IIS services.

Description

IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · perldoswindows

https://www.exploit-db.com/exploits/20664

View Code ZIP pw:eip

This Perl script exploits a denial-of-service vulnerability in Microsoft IIS 5.0 by sending malformed WebDAV PROPFIND requests with oversized XML payloads. The exploit causes the server to stop responding or restart IIS services.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft IIS 5.0

No auth needed

Prerequisites: Network access to the target IIS server · WebDAV enabled on the target server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A90

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-016

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6205

Scores

EPSS 0.6787

EPSS Percentile 99.2%

Details

Status published

Products (1)

microsoft/internet_information_services 5.0

Published Jun 02, 2001

Tracked Since Feb 18, 2026