[Am-info] Win - IIS large, content-length header DoS
Fred A. Miller
fm@cupserv.org
Fri, 21 Dec 2001 11:34:19 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Win - IIS large, content-length header DoS
Various people are reporting a potential denial of service found in
IIS 5.0 (and possibly other versions), whereby a remote attacker sends
a content-length header with an extremely large value. As a result,
the server waits for the indicated amount of data to be sent, with
no apparent timeouts.
This vulnerability has not been confirmed. An exploit has been
published.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-12/0098.html
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8I2SLIhTtc6nTZIIRAslyAJ9HBGPTqJp/lATUl+IPiRzmvT3eDACfWCLx
BEZp7yz6NKWFri0O3M0v4Ns=
=98iH
-----END PGP SIGNATURE-----