ISS RealSecure Server Sensor ISAPI Plug-in DoS

2003-09-08T00:00:00
ID OSVDB:3207
Type osvdb
Reporter OSVDB
Modified 2003-09-08T00:00:00

Description

Vulnerability Description

RealSecure Server Sensor has a flaw that allows a remote denial of service attack. The flaw is due to poor sanity checking of packets sent to the ISAPI plug-in. A carefully crafted URL request using SSL can cause RealSecure and IIS to crash.

Solution Description

Upgrade to version 7.0 XPU 20.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www.iss.net/download/
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0082.html
ISS X-Force ID: 13088
CVE-2003-0702
Bugtraq ID: 8550