{"vuid":"VU#698564","idnumber":"698564","name":"Microsoft CIS and RPC over HTTP Proxy components fail to properly handle responses","keywords":["Microsoft","COM Internet Services Proxy","RPC over HTTP Proxy","DoS","denial of service","specially crafted responses","Q828741","MS04-012"],"overview":"A vulnerability in a Microsoft HTTP Proxy component may lead to a denial  of service.","clean_desc":"Microsoft's COM Internet Sevices (CIS) and Remote Procedure Call (RPC) over HTTP Proxy contain a vulnerability that could permit an attacker to cause a denial of service. When a forwarded request is passed over either of these components to the backend system, an attacker may be able to reply to the request with a specially crafted response. This could cause the vulnerable components to stop accepting future requests. This vulnerability affects the following systems: Windows NT Server 4.0\nWindows NT Server 4.0, Terminal Server Edition\nWindows 2000\nWindows Server 2003","impact":"A remote attacker may be able to stop the vulnerable component from accepting messages. This would lead to a denial of service.","resolution":"Apply a patch from the vendor Microsoft Security Bulletin MS04-012 contains patch information to resolve this issue.","workarounds":"","sysaffected":"","thanks":"The Microsoft Security Bulletin thanks Qualys for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","4","-","0","1","2",".","m","s","p","x"],"cveids":["CVE-2003-0807"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-13T18:37:20Z","publicdate":"2004-04-13T00:00:00Z","datefirstpublished":"2004-04-14T00:20:46Z","dateupdated":"2004-04-14T00:36:09Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"13","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"5.315625","cam_scorecurrentwidelyknown":"6.26484375","cam_scorecurrentwidelyknownexploited":"10.06171875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.315625,"vulnote":null}