CVE-2003-0718

IIS 5.0-6.0 - DoS

Title source: llm

Description

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Amit Klein · perldoswindows

https://www.exploit-db.com/exploits/585

View Code ZIP pw:eip

References (7)

[Mailing List] http://marc.info/?l=bugtraq&m=109762641822064&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17645

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17656

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767

Scores

EPSS 0.8199

EPSS Percentile 99.2%

Details

Status published

Products (2)

microsoft/internet_information_server 6.0

microsoft/internet_information_services 5.0

Published Nov 03, 2004

Tracked Since Feb 18, 2026