Detections
Analytics
Microsoft IIS Malformed File Extension URL DoS
medium Nessus Plugin ID 10406
Synopsis
The remote web server is affected by a denial of service vulnerability.Description
The remote web server is running a version of IIS that allows remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the 'Malformed Extension Data in URL' vulnerability.Solution
Apply the patches referenced above.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-030
Plugin Details
Severity: Medium
ID: 10406
File Name: iis_dos_ussrback.nasl
Version: 1.47
Type: remote
Family: Web Servers
Published: 5/12/2000
Updated: 5/28/2024
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:iis
Required KB Items: Settings/ParanoidReport, www/iis
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 5/11/2000
Reference Information
CVE: CVE-2000-0408
BID: 1190
MSFT: MS00-030
MSKB: 260205