Malformed "GET" URLs Can Crash IIS VERSIONS AFFECTED
DESCRIPTION Malformed URLs consisting of the GET statement and other erroneous data can cause the IIS service to consume all available resources and render the service unresponsive. SOLUTION Information about the problem resides in Knowledge Base article Q192296, "IIS: Patch Available for IIS "GET" Vulnerability." Microsoft has released the following hot fixes: IIS 3.0 on Intel platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget3i.exe IIS 3.0 on Alpha platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget3a.exe
IIS 4.0 on Intel platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4i.exe IIS 4.0 on Alpha platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4a.exe To learn more about NT Security concerns, subscribe to NTSD Credits- Originally reported by Eugene and Brian via Microsoft - Posted on The NT Shop on December 21, 1998 |
Malformed GET Requests Crash IIS
0 comments
Hide comments