Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
BID:9660
Info
Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
| Bugtraq ID: | 9660 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2004 12:00AM |
| Updated: | Feb 14 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to [email protected]. |
| Vulnerable: |
Microsoft IIS 5.0 |
| Not Vulnerable: | |
Discussion
Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
Microsoft IIS has been reported prone to a remote denial of service vulnerability. It has been reported that an exploit developed as a proof-of-concept for the issues described in BID 8732 (OpenSSL ASN.1 Parsing Vulnerabilities), when invoked against Microsoft IIS 5.0, will trigger a denial of service.
Although unconfirmed this issue may be related to the issues described in BID 9633 (Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability) and BID 9635 (Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability).
Microsoft IIS has been reported prone to a remote denial of service vulnerability. It has been reported that an exploit developed as a proof-of-concept for the issues described in BID 8732 (OpenSSL ASN.1 Parsing Vulnerabilities), when invoked against Microsoft IIS 5.0, will trigger a denial of service.
Although unconfirmed this issue may be related to the issues described in BID 9633 (Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability) and BID 9635 (Microsoft Windows ASN.1 Library Bit String Processing Integer Handling Vulnerability).
Exploit / POC
Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
The following proof of concept exploit was developed to trigger the issues described in BID 8732 (OpenSSL ASN.1 Parsing Vulnerabilities). This exploit is also reported to trigger the issue described in this BID.
The following proof of concept exploit was developed to trigger the issues described in BID 8732 (OpenSSL ASN.1 Parsing Vulnerabilities). This exploit is also reported to trigger the issue described in this BID.
Solution / Fix
Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
References:
References: