Detections
Analytics

MS01-023: Microsoft IIS 5.0 Malformed HTTP Printer Request Header Remote Buffer Overflow (953155) (uncredentialed check)

critical Nessus Plugin ID 10657

Synopsis

Arbitrary code can be executed on the remote host thru IIS.

Description

The remote version of the IIS web server contains a bug which might be used by an attacker to execute arbitrary code on the remote system.

To exploit this vulnerability, an attacker would need to send a malicious HTTP/1.1 request to the remote host.

Solution

Microsoft has released a patch for Windows 2000.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-023

http://www.nessus.org/u?faa4ec33

Plugin Details

Severity: Critical

ID: 10657

File Name: iis5_printer.nasl

Version: 1.49

Type: remote

Family: Web Servers

Published: 5/1/2001

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/1/2001

Vulnerability Publication Date: 5/1/2001

Exploitable With

CANVAS (CANVAS)

Metasploit (MS01-023 Microsoft IIS 5.0 Printer Host Header Overflow)

Reference Information

CVE: CVE-2001-0241

BID: 2674

CERT: 516648

CERT-CC: CA-2001-10

MSFT: MS01-023

MSKB: 296576