Microsoft IIS Crafted URL Remote DoS

2005-12-16T07:10:02
ID OSVDB:21805
Type osvdb
Reporter Inge Henriksen (inge.henriksen@booleansoft.com)
Modified 2005-12-16T07:10:02

Description

Vulnerability Description

Microsoft Internet Information Services (IIS) contains a flaw that may allow a remote denial of service. The issue is triggered when a crafted URL pointing to a folder with execute permission set to Scripts and Executables is sent, and will result in loss of availability for the service.

Technical Description

Sending the crafted URL once is not enough to trigger the vulnerability. Reports indicate that the request must be made four times.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Security Tracker: 1015376
Secunia Advisory ID: 18106
Other Advisory URL: http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
Microsoft Security Bulletin: MS07-041
Microsoft Knowledge Base Article: 939373
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0212.html
Generic Exploit URL: http://www.securiteam.com/exploits/6R00N1PEUA.html
Generic Exploit URL: http://www.securiteam.com/exploits/6U00Q1PEUY.html
FrSIRT Advisory: ADV-2005-2963
CVE-2005-4360
Bugtraq ID: 15921