HTTP: Microsoft IIS Repeated Parameter Request Denial of Service
This signature detects invalid HTTP requests to Microsoft Internet Information Server. An attacker can send these crafted URLs to a vulnerable Web server and execute code.
Extended Description
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
Affected Products
Microsoft internet_information_services
References
CVE: CVE-2010-1899
Short Name
HTTP:IIS:REP-PARAM-REQ-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-4360 CVE-2009-2521 CVE-2010-1899 Denial IIS Microsoft Parameter Repeated Request Service of
Release Date
02/11/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
2.6
7.8
4.3