Internet Information Services 5.0 Denial of service |
Internet Information Services 5.0 Denial of service
[Release Date] May 29th, 2003 Severity: High [Systems Affected] * Microsoft Information Server 5.0 * Microsoft Information Server 5.1 [Description] If an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods, IIS will be forced to restart itself. All web server, email, and active ftp connections will be terminated, along with a disruption of future sessions during the time it takes IIS to restart. The complete advisory is also available from our website at: http://www.spidynamics.com/iis_alert.html [Remediation] Please install the vendor-supplied patch located at http://www.microsoft.com/technet/security/bulletin/MS03-018.asp |