Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1024496 |
|
SecurityTracker URL: http://securitytracker.com/id/1024496
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 1 2010
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): Tested on 6.0
|
Description:
A vulnerability was reported in Microsoft Internet Information Server (IIS) Web Server. A remote user can cause denial of service conditions.
On systems hosting an ASP page that reads from a POST request, a remote user can send a series of requests to consume all available stack memory and cause the service to crash.
A manual restart is required to return the system to normal operations.
This vulnerability is being actively exploited.
A demonstration exploit is available at:
http://www.exploit-db.com/exploits/15167/
Kingcope reported this vulnerability.
|
Impact:
A remote user can the target service to crash. A manual restart is required to return the system to normal operations.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (2000), Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 01 Oct 2010 02:55:21 +0000
Subject: Microsoft IIS
|
http://www.exploit-db.com/exploits/15167/
|
|
