CVE-2001-1186

Microsoft Internet Information Services 5.0 - Denial of Service via Oversized Content-Length Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1186. PoCs published by Ivan Hernandez Puga.

AI-analyzed exploit summary This exploit demonstrates a denial of service vulnerability in Microsoft IIS 5.0 by sending a malformed HTTP GET request with an excessive Content-Length field. The server keeps the connection open indefinitely, leading to potential resource exhaustion.

Description

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ivan Hernandez Puga · textdoswindows
https://www.exploit-db.com/exploits/21177

This exploit demonstrates a denial of service vulnerability in Microsoft IIS 5.0 by sending a malformed HTTP GET request with an excessive Content-Length field. The server keeps the connection open indefinitely, leading to potential resource exhaustion.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft IIS 5.0
No auth needed
Prerequisites: Network access to the target IIS server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/244892
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/245100
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/244931
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3667
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7691.php

Scores

EPSS 0.3135
EPSS Percentile 98.1%

Details

Status published
Products (1)
microsoft/internet_information_services 5.0
Published Dec 11, 2001
Tracked Since Feb 18, 2026