Title: Microsoft IIS Long URL Denial of Service Vulnerability
Severity: HIGH
Description:
Microsoft Internet Information Server is vulnerable to a denial of service.
This particular denial of service affects versions 2.0, 3.0 and 4.0 of the server prior to service pack 4.
The denial of service is initiated by sending a long URL of specific length to the server; the actual length required varies between installations but is typically between 4 and 8k.
The URL which causes this issue is of the format "http://server/?anything=XXXXX" - note that no existing file need be requested. It appears that the condition is related to the handling of CGI variable values.
This is not a buffer overflow; a URL of specific length must be sent, anything longer or shorter will not affect the server. The threshold varies from system to system.
Affected Products:
- Microsoft IIS 2.0.0
- Microsoft IIS 3.0.0
- Microsoft Windows NT 4.0
References:
- Microsoft: Q143484: IIS Services Stop with Large Client Requests
- insecure.org: M$ IIS DOS long URL vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
