CVE-2007-0087

CVE Database · CVE-2007-0087

CVE-2007-0087

· N/AModified

CVSS v3.1

N/A

EPSS

23.16%

Published

Jan 5, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

Affected Products (1)

microsoft · internet_information_servervulnerable

References (10)

http://osvdb.org/33457

http://www.securityfocus.com/archive/1/455833/100/0/threaded

http://www.securityfocus.com/archive/1/455879/100/0/threaded

http://www.securityfocus.com/archive/1/455882/100/0/threaded

http://www.securityfocus.com/archive/1/455920/100/0/threaded

http://osvdb.org/33457

http://www.securityfocus.com/archive/1/455833/100/0/threaded

http://www.securityfocus.com/archive/1/455879/100/0/threaded

http://www.securityfocus.com/archive/1/455882/100/0/threaded

http://www.securityfocus.com/archive/1/455920/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs