Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
Threat-Mapped Scoring
Score: 1.5
Priority: P4 - Informational (Low)
EPSS
Score: 0.00845Percentile:
0.73828
CVSS Scoring
CVSS v2 Score: 2.1
Severity:
Mapped CWE(s)
CWE-400
: Uncontrolled Resource Consumption
All CAPEC(s)
CAPEC-147 : XML Ping of the Death
CAPEC-227 : Sustained Client Engagement
CAPEC-492 : Regular Expression Exponential Blowup
CAPEC(s) with Mapped TTPs
CAPEC-227 : Sustained Client Engagement
Mapped TTPs:
T1499
: Endpoint Denial of Service
Mapped ATT&CK TTPs
T1499
: Endpoint Denial of Service
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me