Home page logo
/

bugtraq logo Bugtraq mailing list archives

Internet Information Services 5.0 Denial of service
From: "SPI Labs" <spilabs () spidynamics com>
Date: Wed, 28 May 2003 15:04:17 -0400

Internet Information Services 5.0 Denial of service

[Release Date] May 29th, 2003
Severity: High

[Systems Affected]
* Microsoft Information Server 5.0
* Microsoft Information Server 5.1

[Description]

If an attacker sends a Webdav request with a body over 49,153 bytes
using the 'PROPFIND' or 'SEARCH' request methods, IIS will be forced
to restart itself. All web server, email, and active ftp connections
will be terminated, along with a disruption of future sessions during
the time it takes IIS to restart. The complete advisory is also available
from our
website at: http://www.spidynamics.com/iis_alert.html

[Remediation]
Please install the vendor-supplied patch located at
http://www.microsoft.com/technet/security/bulletin/MS03-018.asp

[Contact Information]

SPI Labs
SPI Dynamics R&D Team
spilabs () spidynamics com
115 Perimeter Center Place
Suite 270
Atlanta, GA 30346
Phone: (678)781-4800
Toll-Free Phone: (866)774-2700


SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists;
SPI Dynamics is the leader in Web application security technology. With such
signature
products as WebInspect, SPI Dynamics is dedicated to protecting companies'
most valuable
assets. SPI Dynamics has created a new breed of Internet security products
for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2003 SPI Dynamics, Inc. All rights reserved worldwide.


  By Date           By Thread  

Current thread:
  • Internet Information Services 5.0 Denial of service SPI Labs (May 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault