CVE-2003-0225
CVSS 5.0
Published: 2003-06-09 00:00:00
Revised: 2016-10-17 22:30:57

[Original] The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allows remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.


[CNNVD] Microsoft IIS ASP Header Remote Denial of Service Vulnerability (MS03-018) (CNNVD-200306-048)

        
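        Microsoft IIS 5.0 (Internet Information Server 5) is the web information server bundled with Microsoft Windows 2000, and it includes HTTP service functionality.
        Microsoft IIS has a problem handling oversized ASP header requests, and a remote attacker can exploit this vulnerability to cause a denial of service.
        IIS 4.0 and 5.0 have a flaw in how memory requests are allocated when constructing headers to return to the web client, which can lead to a denial of service. To exploit this vulnerability, an attacker needs to upload an ASP page to a vulnerable IIS server. When the attacker invokes this malicious ASP page, it attempts to return an oversized header to the calling web client. Because IIS does not limit the memory allocated for the call, IIS eventually suffers a denial of service and stops responding to normal service requests.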
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:microsoft:internet_information_server:5.0
cpe:/a:microsoft:internet_information_server:4.0 (Microsoft IIS 4.0)

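- OVAL (Technical details for detection)

oval:org.mitre.oval:def:373 IIS AddHeader Large Header Denial of Service
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it is available in the related OVAL definition.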

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0225
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0225
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-048
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=ntbugtraq&m=105110606122772&w=2
(UNKNOWN)  NTBUGTRAQ  20030418 Microsoft Active Server Pages DoS
http://www.aqtronix.com/Advisories/AQ-2003-01.txt
(UNKNOWN)  MISC  http://www.aqtronix.com/Advisories/AQ-2003-01.txt
http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
(VENDOR_ADVISORY)  MS  MS03-018

- Vulnerability information

Microsoft IIS ASP Header Remote Denial of Service Vulnerability (MS03-018)
Medium severity  Boundary condition error
2003-06-09 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS03-018) and corresponding patches for this issue:
        MS03-018: Cumulative Patch for Internet Information Service (811114)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS03-018.asp

        Patch downloads. This patch requires the MS02-50 patch to be installed first:
        Microsoft IIS 4.0:
        Microsoft Patch Q811114
        
        http://microsoft.com/downloads/details.aspx?FamilyId=1DBC1914-98E9-4DED-ADBF-E9B374A1F79D&displaylang=en

        The IIS 4.0 patch must be installed on systems running Windows NT 4.0 Service Pack 6a.
        Microsoft IIS 5.0:
        Microsoft Patch Q811114
        
        http://microsoft.com/downloads/details.aspx?FamilyId=2F5D9852-4ADD-44F8-8715-AC3D7D7D94BF&displaylang=en

        The IIS 5.0 patch must be installed on systems running Windows 2000 Service Pack 2 or Service Pack 3.

- Vulnerability information

4863
Microsoft IIS Active Server Page Header DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

Microsoft IIS contains a flaw that may allow a remote attacker to exhaust the available memory and force it to restart. The issue is due to IIS not limiting the memory available for constructing headers to be returned to a web client. If an attacker uploaded a specially crafted ASP page that returned an overly large header to the requesting client, IIS will run out of memory.

- Timeline

2003-04-18 2002-11-04
2003-04-18 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

Microsoft IIS ASP Header Denial Of Service Vulnerability
Boundary Condition Error 7733
Yes No
2003-05-28 12:00:00 2009-07-11 10:06:00
This vulnerability was reported by Microsoft.

- Affected program versions

Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
Microsoft IIS 4.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 1.0
+ Cisco ICS 7750
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.0
+ Cisco uOne 4.0
+ Cisco uOne 3.0
+ Cisco uOne 2.0
+ Cisco uOne 1.0
+ Hancom Hancom Office 2007 0
+ Microsoft BackOffice 4.5
+ Microsoft Windows NT 4.0 Option Pack
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional

- Unaffected program versions

Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional

- Vulnerability discussion

Microsoft IIS is prone to a denial of service condition when overly large ASP headers are processed.

An attacker can exploit this vulnerability to execute a malicious ASP page that generates an overly large header that consumes all memory resources available to the vulnerable IIS process.

This vulnerability was initially described in BID 7728 and is now being assigned its own BID.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Patches available:

There is a dependency associated with this patch. It requires the patch from Microsoft Security Bulletin MS02-050 to be installed. If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch.


Microsoft IIS 4.0

Microsoft IIS 5.0

- Related references

 

 
