Vulnerability Note VU#544555

Microsoft Internet Information Server 4.0 (IIS) vulnerable to DoS when URL redirecting is enabled

Overview

A vulnerability in IIS 4.0 may permit intruders to crash vulnerable IIS servers with URL redirection enabled.

I. Description

A vulnerability in Microsoft IIS 4.0 allows an attacker to crash IIS 4.0 servers if they are configured to use URL redirection. URL redirection is not used by default. This vulnerability is exercised by the Code Red worm, but is distinct from the vulnerability that allows the worm to compromise systems. For more information, please see

No patch is available at this time. Due to the large numbers of systems still infected with Code Red as of this writing, it is likely that systems running IIS 4.0 with redirection enabled will have difficulty maintaining normal operation until and unless URL redirection is disabled, or until a patch is available.

II. Impact

Intruders can crash vulnerable IIS 4.0 systems. IIS 5.0 is not affected.

III. Solution

No patch is currently available.

Until a patch is available, disable URL redirection on your system.

References
Our thanks to Microsoft for the information contained on their web site. This document was written by Shawn V. Hernan.
If you have feedback, comments, or additional information about this vulnerability, please send us email.