Vulnerability Note VU#149070
Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
Symantec Endpoint Protection (SEP) Network Threat Protection module running on a Microsoft Internet Information Services (IIS) webserver contains a denial of service vulnerability when probed by an audit tool.
Symantec Security Advisory SYM12-007 states:
It has been reported that this vulnerability affects Microsoft Internet Information Services (IIS) 6.0, however newer versions could be affected.
An unauthenticated attacker can cause the Microsoft IIS webserver to become unresponsive leading to a denial of service condition.
Restart server or IIS service
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Symantec||Affected||12 May 2011||22 May 2012|
CVSS Metrics (Learn More)
Thanks to Greg Johnson of Clear Skies Security for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-1821
- Date Public: 22 May 2012
- Date First Published: 05 Jun 2012
- Date Last Updated: 05 Jun 2012
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.