CVE-2002-1182
Description
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malformed WebDAV request can cause IIS 5.0 and 5.1 to allocate excessive memory, leading to a denial of service crash.
Vulnerability
A denial of service vulnerability exists in Microsoft Internet Information Services (IIS) 5.0 and 5.1 due to a flaw in how the server allocates memory for WebDAV requests [1]. When a specially malformed WebDAV request is sent, the server assigns a large amount of memory, eventually exhausting resources and causing the service to crash. This affects IIS 5.0 and 5.1 on Windows 2000 and Windows XP.
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a crafted WebDAV request to the target IIS server [1]. No special network position is required beyond network access to the server. The attacker simply sends the malformed request, which triggers the memory allocation flaw.
Impact
Successful exploitation results in a denial of service: the IIS service crashes, disrupting web services hosted on the server [1]. The crash is temporary; the service can be restarted. No code execution or data compromise is achieved; the impact is limited to availability.
Mitigation
Microsoft released a cumulative security patch (MS02-062) that addresses this vulnerability for IIS 4.0, 5.0, and 5.1 [1]. The patch was published on October 23, 2002. Administrators should apply the patch to affected systems. No workarounds are documented in the reference.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.htmlnvd
- www.ciac.org/ciac/bulletins/n-011.shtmlnvd
- www.nextgenss.com/advisories/ms-iisdos.txtnvd
- www.nextgenss.com/vna/ms-iisdos.txtnvd
- www.securityfocus.com/bid/4846nvd
- www.securityfocus.com/bid/6068nvd
- www.securityfocus.com/bid/6070nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/10184nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/10503nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1009nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1011nvd
News mentions
0No linked articles in our index yet.