| VID |
12012 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The IIS server is vulnerable to a Denial of Service attack with malformed HTTP HOST field.
FrontPage Server Extensions allow web developers to add or change content and to manage the web server. The SmartHTML interpreter, shtml.dll, is a component of FrontPage Server Extensions, and supports certain types of dynamic web content. The vulnerability in shtml.dll can allow a remote attacker to disrupt the normal operation of the web server.
If a remote attacker sends the follow HTTP POST request to the shtml.dll (SmartHTML Interpreter) file containing a large number of forward-slash characters('/') in the HTTP HOST header field,
POST /_vti_bin/shtml.dll HTTP/1.1
Host: /////////////[.../*32762..]//////////////
Content-length: 1
x
the IIS web server will consume 100% of the available CPU resources for about 35 seconds and no other HTTP requests will be serviced during this time. It is possible that this cause a denial of service to the web server.
* Vulnerable Platforms:
Microsoft IIS 5.0
- Windows 2000 Any version
Microsoft IIS 5.1
- Windows XP Any version |
| Recommendation |
No remedy available as of December 2002. |
| Related URL |
CVE-2002-1908 (CVE) |
| Related URL |
5907 (SecurityFocus) |
| Related URL |
10370 (ISS) |
|
