Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server Vendors:   Microsoft
Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011633
SecurityTracker URL:
CVE Reference:   CVE-2003-0718   (Links to External Site)
Updated:  Oct 18 2004
Original Entry Date:  Oct 12 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0, 5.1, 6.0
Description:   A vulnerability was reported in the Microsoft IIS in the WebDAV XML Message Handler. A remote user can cause denial of service conditions.

Microsoft reported that a remote user can send a specially crafted WebDAV request to a target system that is running both Internet Information Server (IIS) and WebDAV to cause WebDAV to consume all available memory and CPU resources. The flaw occurs because WebDAV does not limit the number of attributes that can be specified per XML-element in WebDAV requests.

The IIS service must be restarted to return to normal operations.

Microsoft credits Amit Klein and Sanctum, Inc. with reporting this flaw.

Impact:   A remote user can cause IIS to consume excessive memory and CPU resources on the target system.
Solution:   The vendor has issued a fix.

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:

Microsoft Windows XP 64-Bit Edition Service Pack 1:

Microsoft Windows XP 64-Bit Edition Version 2003:

Microsoft Windows Server 2003:

Microsoft Windows Server 2003 64-Bit Edition:

These patches require a system restart.

Vendor URL: (Links to External Site)
Cause:   Exception handling error, State error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC