Microsoft Internet Information Services DOS Device Request Security Bypass Vulnerability
BID:51527
Info
| Bugtraq ID: | 51527 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-2897 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 22 2007 12:00AM |
| Updated: | May 22 2007 12:00AM |
| Credit: | Kingcope, 3APA3A |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Microsoft Internet Information Services is prone to a security-bypass vulnerability.
Remote attackers can exploit this issue to hang the application, denying service to legitimate users, or disclose sensitive information. Attackers with physical access to the system may be able to execute arbitrary code with the privileges of the application.
Microsoft Internet Information Services 6.0 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit the issue using standard tools.
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
References:
- Microsoft IIS Homepage (Microsoft)
- Question Regarding IIS 6.0 / Is this a DoS??? (kingcope)
- Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? (3APA3A)