Skip navigation
Menu
Security

Multiple Vulnerabilites in Microsoft IIS

Reported May 28, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

  • Microsoft Internet Information Services (IIS) 5.1 and 5.0

  • Microsoft Internet Information Server (IIS) 4.0

 

DESCRIPTION

 

Four new vulnerabilities exist in IIS 5.1, 5.0, and 4.0, the most serious of which can result in the execution of arbitrary code on the vulnerable system. These four new vulnerabilities consist of the following:

  • A Cross-Site Scripting (CSS) vulnerability affecting IIS 5.1, 5.0, and 4.0 involves an error message about the redirection of a requested URL. By getting a user to click a link on a Web site, an attacker can relay a request containing script to a third-party Web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user. The script would then use the security settings of the third-party site (rather than the attacker's site) to render.

  • A buffer overrun results from IIS 5.0's incorrect validation of requests for certain types of Web pages, known as server side includes. An attacker would need to be able to upload a server-side include page to a vulnerable IIS server. If the attacker then requested this page, a buffer overrun could permit the attacker to execute code of his or her choice on the server with user-level permissions.

  • A Denial of Service (DoS) vulnerability results from a flaw in the way IIS 5.0 and 4.0 allocate memory requests when constructing headers to be returned to a Web client. An attacker would need to be able to upload an ASP page to a vulnerable IIS server. This ASP page, when called by the attacker, would attempt to return an extremely large header to the calling Web client. Because IIS doesn't limit the amount of memory that can be used in this case, this scenario could case IIS to fail as a result of running out of local memory.

  • A DoS vulnerability results from IIS 5.1 and 5.0 incorrectly handling an error condition when an overly long WebDAV request is passed to them. As a result, an attacker could cause IIS to fail. However, by default, both IIS 5.1 and 5.0 restart immediately after this failure.

 

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-018, "Cumulative Patch for Internet Information Service (811114)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

 CREDIT          

Discovered by SPIDynamics SPI Labs and NSFocus.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024
cleaning products
6 Essential Steps for Spring Cleaning Your Website
Mar 21, 2024