lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030905163804.18255.qmail@sf-www2-symnsj.securityfocus.com>
Date: 5 Sep 2003 16:38:04 -0000
From: <research@...eredge.com>
To: bugtraq@...urityfocus.com
Subject: ISS Server Sensor Denial of Service




EnterEdge has discovered a Denial of Service condition in ISS RealSecure 
Server Sensor 7.0. The condition is present when running ISS's RealSecure 
Server Sensor 7.0 on a Microsoft IIS server with SSL.  By passing invalid 
unicode characters via ssl, the server sensor will shut down the IIS 
service.  This was tested with IIS 5.0 using ISS server sensor 7.0 xpu 
20.16 and 20.18.  ISS was notified and has since released xpu 20.19 which 
resolves this DoS vulnerability.  

http://www.enteredge.com/research/can-2003-0702.asp
CVE: CAN-2003-0702


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ