| VID |
21125 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
IIS comes with the sample site pages called ExAir:
- /iissamples/exair/search/query.asp
- /iissamples/exair/search/advsearch.asp
- /iissamples/exair/search/search.asp
A denial of service attack exists against the these pages. If select ExAir active server pages are called directly without being called from the main page, then the pages do not load the DLLs correctly. This action results in IIS hanging and causing the CPU usage to jump to 100%.
* References:
http://www.iss.net/security_center/static/2229.php
http://www.microsoft.com/ntserver/appservice/deployment/planguide/ntopdg.asp |
| Recommendation |
Delete the "ExAir" sample IIS site (see the Windows NT Option Pack 4 Setup for details). |
| Related URL |
CVE-1999-0449 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
