Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667)

 Hi members,

I think no patch has been released at this day.... so, I wrote one myself
using ISAPI filters.
As I understood RFCs, a hit generated by a "GET" method, does not need the
"Content-Length:" header. If this is true, I think my filter is correct.

The page is http://bob.firstcodings.com/programs/dropcontentlengthget/
(source code is included). For now, please consider this filter as "beta
release".
I installed this filter on a production server which has an average load :
after 2 days and at this point, all is fine. Above all, exploit described in
bid 3667 does not work anymore.

Thanks to email me at "dropContentLengthGet_at_firstcodings.net" for any
comments/feedbacks/suggestions about this filter.

Bob - firstcodings.
P.S : my english may not be correct, sorry :)
Received on Mar 05 2002