BID:1642 - Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability

Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability

BID:1642

Info

Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability

Bugtraq ID:	1642
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Sep 05 2000 12:00AM
Updated:	Sep 05 2000 12:00AM
Credit:	Released in a Microsoft Security Bulletin (MS00-063) on Sep 5, 2000. Reported to Microsoft on May 16, 2000 by Peter Grundl of VIGILANTe <[email protected]>.
Vulnerable:	Microsoft Windows NT 4.0 alpha Microsoft Windows NT 4.0 + Microsoft Windows NT Enterprise Server 4.0 + Microsoft Windows NT Enterprise Server 4.0 + Microsoft Windows NT Server 4.0 + Microsoft Windows NT Server 4.0 + Microsoft Windows NT Terminal Server 4.0 + Microsoft Windows NT Terminal Server 4.0 + Microsoft Windows NT Workstation 4.0 + Microsoft Windows NT Workstation 4.0 Microsoft IIS 4.0 + Cisco Building Broadband Service Manager (BBSM) 5.0 + Cisco Building Broadband Service Manager (BBSM) 5.0 + Cisco Call Manager 3.0 + Cisco Call Manager 3.0 + Cisco Call Manager 2.0 + Cisco Call Manager 2.0 + Cisco Call Manager 1.0 + Cisco Call Manager 1.0 + Cisco ICS 7750 + Cisco ICS 7750 + Cisco IP/VC 3540 Video Rate Matching Module + Cisco IP/VC 3540 Video Rate Matching Module + Cisco Unity Server 2.4 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.2 + Cisco Unity Server 2.0 + Cisco Unity Server 2.0 + Cisco uOne 4.0 + Cisco uOne 4.0 + Cisco uOne 3.0 + Cisco uOne 3.0 + Cisco uOne 2.0 + Cisco uOne 2.0 + Cisco uOne 1.0 + Cisco uOne 1.0 + Hancom Hancom Office 2007 0 + Hancom Hancom Office 2007 0 + Microsoft BackOffice 4.5 + Microsoft BackOffice 4.5 + Microsoft Windows NT 4.0 Option Pack + Microsoft Windows NT 4.0 Option Pack

Not Vulnerable:	Microsoft IIS 5.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server

References

Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability

References:

Microsoft Security Bulletin (MS00-063): Frequently Asked Questions (Microsoft)