SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server
Vendors:   Microsoft
Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011633
SecurityTracker URL:  http://securitytracker.com/id/1011633
CVE Reference:   CVE-2003-0718
Updated:  Oct 18 2004
Original Entry Date:  Oct 12 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0, 5.1, 6.0
Description:   A vulnerability was reported in the WebDAV XML Message Handler of Microsoft IIS. A remote user can cause denial of service conditions.

Microsoft reported that a remote user can send a specially crafted WebDAV request to a target system that is running both Internet Information Server (IIS) and WebDAV to cause WebDAV to consume all available memory and CPU resources. The flaw occurs because WebDAV does not limit the number of attributes that can be specified per XML-element in WebDAV requests.

The IIS service must be restarted to return to normal operations.

Microsoft credits Amit Klein and Sanctum, Inc. with reporting this flaw.
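
The root cause described above is a missing bound on the number of attributes per XML element. As an added example (not Microsoft's fix and not part of the original advisory), the following pre-filter, of the kind that could sit in a proxy in front of a WebDAV server, rejects a request body in which any element exceeds an attribute limit. The limits, the function and class names, and the sample bodies are assumptions constructed for illustration.

```python
from xml.parsers import expat

MAX_ATTRS_PER_ELEMENT = 32   # assumed policy value, not from the advisory
MAX_BODY_BYTES = 64 * 1024   # assumed policy value, not from the advisory
CHUNK = 4096

# Constructed sample bodies (not captured traffic).
NORMAL_PROPFIND = (b'<?xml version="1.0" encoding="utf-8"?>'
                   b'<D:propfind xmlns:D="DAV:"><D:prop>'
                   b'<D:getcontentlength/></D:prop></D:propfind>')
OVER_LIMIT = (b'<D:propfind xmlns:D="DAV:" '
              + b" ".join(b'a%d="x"' % i for i in range(MAX_ATTRS_PER_ELEMENT + 1))
              + b"/>")


class RequestRejected(Exception):
    """Raised when a request body violates the filter policy."""


def check_webdav_body(body: bytes) -> int:
    """Return the largest per-element attribute count in the body.

    Raises RequestRejected for an oversized body, malformed XML, or an
    element with more than MAX_ATTRS_PER_ELEMENT attributes."""
    if not body:
        return 0                      # an empty WebDAV body is legitimate
    if len(body) > MAX_BODY_BYTES:
        raise RequestRejected("body exceeds %d bytes" % MAX_BODY_BYTES)

    parser = expat.ParserCreate()
    parser.ordered_attributes = True  # attrs arrive as [name, value, name, value, ...]
    worst = 0

    def start_element(name, attrs):
        nonlocal worst
        count = len(attrs) // 2       # xmlns declarations count as attributes here
        worst = max(worst, count)
        if count > MAX_ATTRS_PER_ELEMENT:
            raise RequestRejected("<%s> carries %d attributes" % (name, count))

    parser.StartElementHandler = start_element
    try:
        # Feed in chunks so parsing stops soon after the offending element.
        for off in range(0, len(body), CHUNK):
            parser.Parse(body[off:off + CHUNK], False)
        parser.Parse(b"", True)
    except expat.ExpatError as exc:
        raise RequestRejected("malformed XML: %s" % exc) from None
    return worst
```
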

Impact:   A remote user can cause IIS to consume excessive memory and CPU resources on the target system.
Solution:   The vendor has issued a fix.

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D2C632A7-CD43-466C-A624-D841905CE181


Microsoft Windows XP and Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6A338C59-3693-4A25-B823-431A5C21A4B7


Microsoft Windows XP 64-Bit Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0412A361-28C5-45F7-9853-BCDC9D7B2B97


Microsoft Windows XP 64-Bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2


Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=81CE104D-5257-447C-A2CD-D4D149581D71


Microsoft Windows Server 2003 64-Bit Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2

These patches require a system restart.

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms04-030.mspx
Cause:   Exception handling error, State error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC