• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects.

When receiving an HTTP request requiring a redirect, a buffer is not properly bounds checked, leading to the possibility of a buffer overflow.

It is reported that an attacker may exploit this vulnerability by issuing a large request to an affected IIS Web server. The Web server must have permanent redirects enabled.

An attacker may exploit this issue to execute arbitrary code in the context of IIS. This could lead to complete compromise of an affected computer.

Affected Products:

• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers
• Cisco Building Broadband Service Manager 5.0.0
• Cisco Call Manager 1.0.0
• Cisco Call Manager 2.0.0
• Cisco Call Manager 3.0.0
• Cisco ICS 7750
• Cisco IP/VC 3540 Video Rate Matching Module
• Cisco Unity Server 2.0.0
• Cisco Unity Server 2.2.0
• Cisco Unity Server 2.3.0
• Cisco Unity Server 2.4.0
• Cisco uOne 1.0.0
• Cisco uOne 2.0.0
• Cisco uOne 3.0.0
• Cisco uOne 4.0.0
• Microsoft BackOffice 4.0
• Microsoft BackOffice 4.5
• Microsoft IIS 4.0
• Microsoft IIS 4.0 alpha
• Microsoft Windows 2000 Server
• Microsoft Windows NT 4.0 Option Pack
• Microsoft Windows NT Server 4.0 SP6a

References:

• CERT/CC: Technical Cyber Security Alert TA04-196A
• CERT/CC: Vulnerability Note VU#717748
• Microsoft: IIS may not respond after you install MS04-021 on an IIS 4.0 server
• Microsoft: Internet Information Server 4 Baseline Security Checklist
• Microsoft: Microsoft IIS Homepage
• Microsoft: Microsoft Security Bulletin MS03-018
• Microsoft: Microsoft Security Bulletin MS04-021

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.