Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft IIS multiple vulnerabilities

Microsoft IIS multiple vulnerabilities

by Mario Miri on June 2nd, 2003 Multiple vulnerabilities have been reported for IIS. 1. The first vulnerability is a cross site scripting issue in the error page returned to advise of a redirected URL. IIS 4.0, 5.0, and 5.1 are affected. 2. The second issue is a buffer overflow related to server side includes. If a malformed server side include page was uploaded to an IIS server then requested, a buffer would be overrun allowing arbitrary code execution with user level permissions. IIS 5.0 is affected. 3. ASP pages containing excessively large headers could cause IIS to fail when the page is requested by a remote user. IIS 4.0 and 5.0 are affected. 4. IIS does not properly handle WebDAV requests over 49,153 bytes to the PROPFIND and SEARCH request methods. As a result, if a long WebDAV request is received, IIS will fail. IIS 5.0 and 5.1 are affected.


Vulnerable:
Microsoft IIS 4.0
Microsoft IIS 5.0
Microsoft IIS 5.1

Solution:
Available from:
http://www.microsoft.com/


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »