Name: IIS.Malformed.File.Extension.DoS
Released Date: Sep 11 2006
Severity: medium
CVE: 2000-0408
MS Bulletin: MS00-030
Bugtraq: 1190

In-Depth Analysis

Description
This indicates an attempt to exploit a Denial of Service vulnerability in Microsoft's Internet Information Server.

The vulnerability is a result of the way that the Inetinfo process determines file extensions from a GET request URL. If the URL contains a large number of dots ".." and dot-slashes "././", there will be a long delay while it is being processed. Because other processing is blocked during this delay, an attacker can exploit this to cause a Denial of Service.
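
One way to look for the request pattern described above in IIS W3C extended logs, as an added example that is not part of the original advisory. The thresholds, function names, and log lines are assumptions constructed for illustration, and the `%2e` decoding goes beyond what the entry states.

```python
import re
from urllib.parse import unquote

# Assumed thresholds, not taken from the advisory; tune against normal traffic.
MAX_DOT_SEGMENTS = 8      # path segments consisting only of dots (".", "..")
MAX_DOT_RUN = 8           # longest run of consecutive "." characters

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2000-05-12 10:00:01 192.0.2.10 GET /default.htm 200",
    "2000-05-12 10:00:02 192.0.2.10 GET /docs/../images/logo.gif 200",
    "2000-05-12 10:00:05 198.51.100.7 GET /" + "./" * 40 + "a.htm 404",
    "2000-05-12 10:00:06 198.51.100.7 GET /a" + "." * 30 + "htm 404",
    "2000-05-12 10:00:07 203.0.113.5 GET /" + "%2e/" * 40 + "a.htm 404",
])


def dot_stats(uri_stem):
    """Return (dot-only segment count, longest run of dots) for a URL path."""
    path = unquote(uri_stem)                      # also count %2e-encoded dots
    segments = [s for s in re.split(r"[/\\]", path) if s]
    dot_segments = sum(1 for s in segments if set(s) == {"."})
    longest_run = max((len(m) for m in re.findall(r"\.+", path)), default=0)
    return dot_segments, longest_run


def parse_w3c(log_text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):        # skip truncated rows
                yield dict(zip(fields, values))


def flag_requests(log_text):
    """Return (client IP, dot segments, longest dot run) for flagged GETs."""
    hits = []
    for row in parse_w3c(log_text):
        segs, run = dot_stats(row.get("cs-uri-stem", ""))
        over = segs > MAX_DOT_SEGMENTS or run > MAX_DOT_RUN
        if row.get("cs-method") == "GET" and over:
            hits.append((row.get("c-ip", "-"), segs, run))
    return hits
```

Calling `flag_requests(SAMPLE_LOG)` flags the three constructed requests with excessive dots and leaves the ordinary `/docs/../images/logo.gif` request alone.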
 
Impact
Denial of service.
 
Affected Products
IIS server 4.0 and 5.0.

Aliases
IIS.Malformed.File.Extension.DoS

References
http://www.microsoft.com/technet/security/Bulletin/MS00-030.mspx
http://www.securityfocus.com/bid/1190
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0408

Recommended Actions
Apply the security patch given in Microsoft Security Bulletin MS00-030 or upgrade to a non-vulnerable version.