|
|
|
Vulnerability Note VU#698564Microsoft CIS and RPC over HTTP Proxy components fail to properly handle responsesOverviewA vulnerability in a Microsoft HTTP Proxy component may lead to a denial of service.I. DescriptionMicrosoft's COM Internet Sevices (CIS) and Remote Procedure Call (RPC) over HTTP Proxy contain a vulnerability that could permit an attacker to cause a denial of service. When a forwarded request is passed over either of these components to the backend system, an attacker may be able to reply to the request with a specially crafted response. This could cause the vulnerable components to stop accepting future requests. This vulnerability affects the following systems:
Microsoft Security Bulletin MS04-012 contains patch information to resolve this issue. Systems Affected
References
The Microsoft Security Bulletin thanks Qualys for reporting this vulnerability. This document was written by Jason A Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||