Internet Information Services 5.0 Denial of service

News

Web Server Security

Phishing

Database Security

Application Server Security

Library

Vulnerability Archive

Secure Development

Web Services

Pen Test

AJAX

Application Firewalls

Main ->

TOPIC'S

Advertising

Old News

About

Resume

Contact

FAQ

Irc

Links

Books

Demos

Papers

Downloads

Advisories

Contributions

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

Internet Information Services 5.0 Denial of service

Internet Information Services 5.0 Denial of service

[Release Date] May 29th, 2003
Severity: High

[Systems Affected]
* Microsoft Information Server 5.0
* Microsoft Information Server 5.1

[Description]

If an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods, IIS will be forced to restart itself. All web server, email, and active ftp connections will be terminated, along with a disruption of future sessions during the time it takes IIS to restart. The complete advisory is also available from our website at: http://www.spidynamics.com/iis_alert.html

[Remediation]
Please install the vendor-supplied patch located at
http://www.microsoft.com/technet/security/bulletin/MS03-018.asp