
VULNERABILITIES - December 19, 2005

Dec 18, 2005 10:49PM PST

TITLE:
Microsoft IIS Malformed URL Potential Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA18106

VERIFY ADVISORY:
http://secunia.com/advisories/18106/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/

SOFTWARE:
Microsoft Internet Information Services (IIS) 5.x
http://secunia.com/product/39/

DESCRIPTION:
Inge Henriksen has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which potentially can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the handling of
certain malformed URLs. This can be exploited to cause the IIS service
to crash.

Example:
http://[host]/[dir]/.dll/%01~0

Successful exploitation requires that "[dir]" is a virtual directory
that is configured with "Scripts & Executables" execution
permissions.

Note: IIS will automatically restart after the crash.

The vulnerability has been confirmed in IIS 5.1 on a fully patched
version of Microsoft Windows XP SP2.

SOLUTION:
Filter potentially malicious characters or character sequences with an
HTTP proxy.

IIS 5.0 and 6.0 are reportedly not affected.

PROVIDED AND/OR DISCOVERED BY:
Inge Henriksen

ORIGINAL ADVISORY:
http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
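Added example, not part of the advisory or the forum post: a Python sketch of the proxy-side filtering the SOLUTION section suggests. It percent-decodes each request path (repeatedly, so a double-encoded sequence such as %2501 is also seen as byte 0x01), rejects any path containing an ASCII control byte, and separately labels the ".dll/" followed by a control byte shape shown in the advisory. The request lines are constructed; the "SA18106" label in the reason string is the advisory ID quoted above.

```python
import re
from urllib.parse import unquote_to_bytes

# ASCII control bytes; the advisory's "%01" decodes to byte 0x01.
CONTROL_BYTES = frozenset(range(0x00, 0x20)) | {0x7F}
# The specific shape from SA18106: a ".dll" path component followed by a control byte.
DLL_CONTROL = re.compile(rb"\.dll/[\x00-\x1f\x7f]", re.IGNORECASE)


def decode_path(raw_path: str, max_rounds: int = 3) -> bytes:
    """Percent-decode the path (query string dropped) until it stops changing,
    bounded by max_rounds, so double-encoded bytes are not missed."""
    current = raw_path.split("?", 1)[0].encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(current)
        if decoded == current:
            break
        current = decoded
    return current


def inspect_path(raw_path: str) -> tuple[str, str]:
    """Return ("block" | "allow", reason) for one request path."""
    decoded = decode_path(raw_path)
    if DLL_CONTROL.search(decoded):
        return "block", "'.dll/' followed by control byte (SA18106 shape)"
    if any(b in CONTROL_BYTES for b in decoded):
        return "block", "control byte in decoded path"
    return "allow", ""


def inspect_request_line(line: str) -> dict:
    """Parse 'METHOD PATH VERSION' and attach the filter verdict."""
    method, path = line.split(" ")[:2]
    verdict, reason = inspect_path(path)
    return {"method": method, "path": path, "verdict": verdict, "reason": reason}


# Constructed sample request lines (not captured traffic).
SAMPLE_REQUEST_LINES = [
    "GET /scripts/.dll/%01~0 HTTP/1.0",         # the advisory's example shape
    "GET /scripts/.dll/%2501~0 HTTP/1.0",       # same shape, double-encoded
    "GET /scripts/default.asp?id=42 HTTP/1.0",  # benign
    "GET /images/logo%20large.gif HTTP/1.0",    # benign: %20 is a space, not a control byte
]


def run_filter(lines=SAMPLE_REQUEST_LINES) -> list[dict]:
    return [inspect_request_line(line) for line in lines]


if __name__ == "__main__":
    for r in run_filter():
        print(f'{r["verdict"]:5} {r["path"]}  {r["reason"]}')
```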
