A vulnerability in IIS 4.0 may permit intruders to crash vulnerable IIS servers with URL redirection enabled.
A vulnerability in Microsoft IIS 4.0 allows an attacker to crash IIS 4.0 servers if they are configured to use URL redirection. URL redirection is not used by default. This vulnerability is exercised by the Code Red worm, but is distinct from the vulnerability that allows the worm to compromise systems. For more information, please see
Intruders can crash vulnerable IIS 4.0 systems. IIS 5.0 is not affected.
No patch is currently available.
Until a patch is available disable URL redirection on your system.
Our thanks to Microsoft for the information contained on their web site.
This document was written by Shawn V. Hernan.
|Date First Published:||2001-08-14|
|Date Last Updated:||2001-08-14 19:55 UTC|