Details of VAR-200211-0048

ID

VAR-200211-0048

CVE

CVE-2002-1182

TITLE

Microsoft IIS of WebDAV Service disruption due to request processing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2002-000267

DESCRIPTION

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. Microsoft IIS Is malicious WebDAV If you receive a request, WebDAV A vulnerability exists that allocates more memory than is normally allocated for processing requests.The request could not be processed and crashed, resulting in a service disruption (DoS) It may be in a state. The denial of service is caused by resource exhaustion. A denial of service vulnerability has been reported for Microsoft IIS 5 and 5.1. Several malformed requests sent to the server will result in the vulnerable system failing to respond to further legitimate requests for service. This vulnerability affects IIS 5.0 and 5.1 only. This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID. ** Reports suggest that numerous hosts have been scanned in an attempt to exploit this vulnerability. Although unconfirmed, this may be the result of a system of automated attacks

Trust: 2.16

sources: NVD: CVE-2002-1182 // JVNDB: JVNDB-2002-000267 // BID: 4846 // BID: 6070

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 1.4
vendor:	microsoft	model:	iis	scope:	eq	version:	5.1	Trust: 1.1
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.1	Trust: 0.6

sources: BID: 4846 // BID: 6070 // JVNDB: JVNDB-2002-000267 // CNNVD: CNNVD-200211-036 // NVD: CVE-2002-1182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1182
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2002-1182
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200211-036
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2002-1182
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2002-000267 // CNNVD: CNNVD-200211-036 // NVD: CVE-2002-1182

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1182

THREAT TYPE

network

Trust: 0.6

sources: BID: 4846 // BID: 6070

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 4846 // BID: 6070

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000267

PATCH

title:	MS02-062	url:	http://www.microsoft.com/technet/security/bulletin/MS02-062.asp	Trust: 0.8
title:	MS02-062	url:	http://www.microsoft.com/japan/technet/security/Bulletin/ms02-062.mspx	Trust: 0.8
title:	Microsoft Internet Information Services WebDAV Remediation measures for remote denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134894	Trust: 0.6

sources: JVNDB: JVNDB-2002-000267 // CNNVD: CNNVD-200211-036

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1182	Trust: 2.7
db:	BID	id:	6070	Trust: 2.7
db:	BID	id:	6068	Trust: 2.4
db:	BID	id:	4846	Trust: 1.9
db:	JVNDB	id:	JVNDB-2002-000267	Trust: 0.8
db:	CNNVD	id:	CNNVD-200211-036	Trust: 0.6

sources: BID: 4846 // BID: 6070 // JVNDB: JVNDB-2002-000267 // CNNVD: CNNVD-200211-036 // NVD: CVE-2002-1182

REFERENCES

url:	http://www.securityfocus.com/bid/6070	Trust: 2.4
url:	http://www.securityfocus.com/bid/6068	Trust: 2.4
url:	http://www.nextgenss.com/vna/ms-iisdos.txt	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10184	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1009	Trust: 1.6
url:	http://www.securityfocus.com/bid/4846	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10503	Trust: 1.6
url:	http://www.ciac.org/ciac/bulletins/n-011.shtml	Trust: 1.6
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062	Trust: 1.6
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html	Trust: 1.6
url:	http://www.nextgenss.com/advisories/ms-iisdos.txt	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1011	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1182	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1182	Trust: 0.8
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-062.asp	Trust: 0.3
url:	/archive/1/298000	Trust: 0.3

sources: BID: 4846 // BID: 6070 // JVNDB: JVNDB-2002-000267 // CNNVD: CNNVD-200211-036 // NVD: CVE-2002-1182

CREDITS

Mark Litchfield※ mark@ngssoftware.com

Trust: 0.6

sources: CNNVD: CNNVD-200211-036

SOURCES

db:	BID	id:	4846
db:	BID	id:	6070
db:	JVNDB	id:	JVNDB-2002-000267
db:	CNNVD	id:	CNNVD-200211-036
db:	NVD	id:	CVE-2002-1182

LAST UPDATE DATE

2025-04-03T22:30:54.818000+00:00

SOURCES UPDATE DATE

db:	BID	id:	4846	date:	2002-05-27T00:00:00
db:	BID	id:	6070	date:	2009-07-11T18:06:00
db:	JVNDB	id:	JVNDB-2002-000267	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200211-036	date:	2020-11-25T00:00:00
db:	NVD	id:	CVE-2002-1182	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	BID	id:	4846	date:	2002-05-27T00:00:00
db:	BID	id:	6070	date:	2002-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2002-000267	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200211-036	date:	2002-05-27T00:00:00
db:	NVD	id:	CVE-2002-1182	date:	2002-11-12T05:00:00