IIS HTTP GET Vulnerability
A vulnerability exists in the HTTP GET method of Microsoft® Internet Information Server® that could allow denial-of-service attacks to be mounted against web servers.
Issue
This vulnerability involves the HTTP GET method, which is used to obtain information from an IIS web server. Specially malformed GET requests can create a denial-of-service condition that consumes all server resources, causing the server to "hang." In some cases, the server can be put back into service by stopping and restarting IIS; in others, the server may need to be rebooted. This situation cannot happen accidentally: the malformed GET requests must be deliberately constructed and sent to the server. It is important to note that this vulnerability does not allow data on the server to be compromised, nor does it allow any privileges on it to be usurped.
Affected Products
- Microsoft IIS 3.0 and 4.0, on x86 and Alpha platforms
Solution
Microsoft has released the following hot fixes:
- Fix for IIS 3.0 on x86 platforms:
  ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget3i.exe
- Fix for IIS 4.0 on x86 platforms:
  ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4i.exe
- Fix for IIS 3.0 on Alpha platforms:
  ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget3a.exe
- Fix for IIS 4.0 on Alpha platforms:
  ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4a.exe
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: December 21, 1998


