lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <012101c3254b$f0a86ad0$170a10ac__15989.9833183319$1054180576@spidynamics.com>
Date: Wed, 28 May 2003 15:04:17 -0400
From: "SPI Labs" <spilabs@...dynamics.com>
To: <spilabs@...dynamics.com>
Subject: Internet Information Services 5.0 Denial of service


Internet Information Services 5.0 Denial of service

[Release Date] May 29th, 2003
Severity: High

[Systems Affected]
* Microsoft Information Server 5.0
* Microsoft Information Server 5.1

[Description]

If an attacker sends a Webdav request with a body over 49,153 bytes
using the 'PROPFIND' or 'SEARCH' request methods, IIS will be forced
to restart itself. All web server, email, and active ftp connections
will be terminated, along with a disruption of future sessions during
the time it takes IIS to restart. The complete advisory is also available
from our
website at: http://www.spidynamics.com/iis_alert.html

[Remediation]
Please install the vendor-supplied patch located at
http://www.microsoft.com/technet/security/bulletin/MS03-018.asp

[Contact Information]

SPI Labs
SPI Dynamics R&D Team
spilabs@...dynamics.com
115 Perimeter Center Place
Suite 270
Atlanta, GA 30346
Phone: (678)781-4800
Toll-Free Phone: (866)774-2700


SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists;
SPI Dynamics is the leader in Web application security technology. With such
signature
products as WebInspect, SPI Dynamics is dedicated to protecting companies'
most valuable
assets. SPI Dynamics has created a new breed of Internet security products
for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2003 SPI Dynamics, Inc. All rights reserved worldwide.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ