Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
BID:1101
Info
Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
| Bugtraq ID: | 1101 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 12 2000 12:00AM |
| Updated: | Apr 12 2000 12:00AM |
| Credit: | Discovered by Vanja Hrustic and publicized in Microsoft Security Bulletin (MS00-023) on April 12, 2000. |
| Vulnerable: |
Microsoft IIS 5.0 Microsoft IIS 4.0 alpha Microsoft IIS 4.0 |
| Not Vulnerable: | |
Discussion
Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
Requesting a malformed URL containing numerous escaped characters will cause Microsoft IIS performance to dramatically decrease until the URL has been processed.
Requesting a malformed URL containing numerous escaped characters will cause Microsoft IIS performance to dramatically decrease until the URL has been processed.
Exploit / POC
Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
References:
References: