CVE-2007-0087
Last modified
CVE-2007-0087 is a vulnerability of currently unknown severity. Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal. EPSS estimates a 23.16% chance of exploitation in the next 30 days.
Description
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Server | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-0087?
How severe is CVE-2007-0087?
How do I fix CVE-2007-0087?
Are you affected by CVE-2007-0087?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST