Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4637
HistoryJun 03, 2003 - 12:00 a.m.

IIS WebDav Denial of Service attacks - Update to SPI Dynamics

2003-06-0300:00:00
vulners.com
10
JSON

In SPI Dynamics own advisory it mentions that IIS will restart itself -
whilst this is true, by supplying a specific number of bytes, we can
terminate all the threads, but leaving INETINFO still alive. Despite
INETINFO not dying, the process will no longer serve any requests.

This provides a more effective denial of service attack as the administrator
would be required to restart the service manually.

Again, if you have not yet patched your servers, the patch can be obtained
at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-018.asp

Regards

Mark Litchfield
NGS Software Ltd
http://www.ngssoftware.com/
Tel: +44 208 40 100 70 (London)
Tel: +44 1241 431 267
Mobile: +44 790 069 5236
Email: [email protected]

JSON