OSVDB ID: 4863

Title: Microsoft IIS Active Server Page Header DoS

Dates

Disclosure: Apr 18, 2003
Discovery: Nov 04, 2002
Exploit: Apr 18, 2003
Solution: Unknown

Description

Microsoft IIS contains a flaw that may allow a remote attacker to exhaust the available memory and force IIS to restart. The issue is due to IIS not limiting the memory available for constructing headers to be returned to a web client. If an attacker uploads a specially crafted ASP page that returns an overly large header to the requesting client, IIS will run out of memory.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

  • ASP: 3.0
  • IIS: 4.0, 5.0, 5.1

References

Credit

  • Parcifal Aertssen - parcifalaqtronix.com - AQTRONIX


Direct URL: http://osvdb.org/4863