Message-ID: <20030905163804.18255.qmail@sf-www2-symnsj.securityfocus.com>
Date: 5 Sep 2003 16:38:04 -0000
From: <research@...eredge.com>
To: bugtraq@...urityfocus.com
Subject: ISS Server Sensor Denial of Service

EnterEdge has discovered a Denial of Service condition in ISS RealSecure Server Sensor 7.0. The condition is present when running ISS's RealSecure Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid Unicode characters via SSL, the server sensor will shut down the IIS service.

This was tested with IIS 5.0 using ISS server sensor 7.0 xpu 20.16 and 20.18. ISS was notified and has since released xpu 20.19 which resolves this DoS vulnerability.

http://www.enteredge.com/research/can-2003-0702.asp

CVE: CAN-2003-0702