Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability



A vulnerability has been reported for Microsoft Exchange 2000.
Allegedly, Exchange 2000 will experience a denial of service condition when an authenticated user makes many requests. The vulnerability is due to IIS incorrectly allocating licenses to Exchange. Making numerous, rapid requests will exhaust available licenses granted to Exchange by IIS.

Information

Bugtraq ID: 5413
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2002-1876

Remote: Yes
Local: No
Published: Aug 06 2002 12:00AM
Updated: May 31 2019 10:00PM
Credit: Reported by Dave Aitel.
Vulnerable: Microsoft Exchange Server 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server


Not Vulnerable:

Exploit


Reportedly, these issues may be exploited with the publicly available Spike tool, available at the following URL:
http://www.immunitysec.com/spike.html

