Microsoft IIS ExAir query.asp Direct Request DoS

1999-01-26T00:00:00
ID OSVDB:3
Type osvdb
Reporter David Litchfield (mnemonix@GLOBALNET.CO.UK)
Modified 1999-01-26T00:00:00

Description

Vulnerability Description

Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (query.asp) that belongs to a sample site named "ExAir". If the script is requested directly while the DLL files it depends on are not running, server CPU usage rises to 100%.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them.
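One way to confirm that the workaround took effect is to scan the web server's access logs for requests under the ExAir sample path and check whether they were served or refused. The following is an added example, not part of the original advisory; it assumes logs in W3C extended format with a #Fields header, and the log lines, function names and the choice of 401/403/404 as "refused" are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote

# Path prefix taken from the manual testing URL in this advisory.
EXAIR_PREFIX = "/iissamples/exair/"
# Assumption: these statuses mean the request was refused or the file is gone.
REFUSED = {401, 403, 404}

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1999-01-27 10:00:01 192.0.2.10 GET /default.asp 200
1999-01-27 10:00:05 192.0.2.44 GET /iissamples/exair/search/query.asp 200
1999-01-27 10:00:06 192.0.2.44 GET /IISSamples/ExAir/Search/Query.asp 200
1999-01-27 10:00:09 198.51.100.7 GET /iissamples/exair/search/query.asp 404
1999-01-27 10:00:12 198.51.100.7 GET /iissamples/%65xair/search/query.asp 403
"""

def exair_requests(log_text):
    """Yield (client_ip, uri_stem, status) for requests under the sample path."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive; also undo percent-encoding and
        # backslashes so trivially altered spellings still match.
        stem = unquote(row.get("cs-uri-stem", "")).replace("\\", "/").lower()
        if stem.startswith(EXAIR_PREFIX):
            status = row.get("sc-status", "")
            yield row.get("c-ip", "-"), stem, int(status) if status.isdigit() else 0

def summarize(log_text):
    """Count sample-path requests per client, split into served and refused."""
    served, refused = Counter(), Counter()
    for ip, _stem, status in exair_requests(log_text):
        (refused if status in REFUSED else served)[ip] += 1
    return {"served": dict(served), "refused": dict(refused)}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for outcome, clients in report.items():
        for ip, count in clients.items():
            print(f"{outcome}: {ip} requested the ExAir samples {count} time(s)")
```

Any entry under "served" means the sample scripts are still reachable and the workaround has not been applied on that server.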

Manual Testing Notes

http://[victim]/iissamples/exair/search/query.asp

References:

Snort Signature ID: 1500
Snort Signature ID: 1028
Nessus Plugin ID: 10003
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html
ISS X-Force ID: 2229
CVE-1999-0449
Bugtraq ID: 193