IIS Server Security - Microsoft IIS Remote DoS .DLL Url exploit

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > December 2005 > Microsoft IIS Remote DoS .DLL Url exploit





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Microsoft IIS Remote DoS .DLL Url exploit
bencr333

2005-12-22, 7:49 am

Does anybody know more information in regards to this vulnerability
disclaimed by Inge Henriksen?
"I have found that by doing a malformed anonymous HTTP request one can
remotely crash the IIS service process, inetinfo.exe, using just a simple
tool like a web browser."
More details on the vulnerability: http://ingehenriksen.blogspot.com/
Microsoft's response to this?
Suggestions to mitigate this vulnerability?
Bernard Cheah [MVP]

2005-12-25, 2:48 am

This applies to IIS5.1 only -
http://msmvps.com/blogs/bernard/arc...2/20/79489.aspx

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"bencr333" <bencr333@discussions.microsoft.com> wrote in message
news:2ED4066D-38FB-4FE5-AE7D-EC5C271E1A62@microsoft.com...
> Does anybody know more information in regards to this vulnerability
> disclaimed by Inge Henriksen?
> "I have found that by doing a malformed anonymous HTTP request one can
> remotely crash the IIS service process, inetinfo.exe, using just a simple
> tool like a web browser."
> More details on the vulnerability: http://ingehenriksen.blogspot.com/
> Microsoft's response to this?
> Suggestions to mitigate this vulnerability?


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com