CVE-2003-0226

Microsoft Internet Information Services 5.0-5.1 - Denial of Service via Long WebDAV PROPFIND or SEARCH Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0226. PoCs published by Shachank, Neo1.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in Microsoft IIS 5.0/5.1 by sending a malformed SEARCH request with an oversized buffer. It checks for IIS 5.0 and the presence of the SEARCH method before attempting the DoS.

Description

Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Shachank · cdoswindows
https://www.exploit-db.com/exploits/35

This exploit targets a denial-of-service vulnerability in Microsoft IIS 5.0/5.1 by sending a malformed SEARCH request with an oversized buffer. It checks for IIS 5.0 and the presence of the SEARCH method before attempting the DoS.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS 5.0 and 5.1
No auth needed
Prerequisites: Network access to the target IIS server · IIS 5.0/5.1 with WebDAV enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Neo1 · cdoswindows
https://www.exploit-db.com/exploits/22670

This exploit targets a denial-of-service vulnerability in Microsoft IIS via malformed WebDAV requests. It sends an excessively long 'SEARCH' request to crash the IIS service, causing a DoS condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Information Services (IIS) with WebDAV enabled
No auth needed
Prerequisites: Network access to the target IIS server · WebDAV enabled on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=105421243732552&w=2
Patch, Vendor Advisory x_refsource_misc
http://www.spidynamics.com/iis_alert.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A933
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105427362724860&w=2
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html

Scores

EPSS 0.4258
EPSS Percentile 98.5%

Details

Status published
Products (1)
microsoft/internet_information_services 5.0
Published Jun 09, 2003
Tracked Since Feb 18, 2026