|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
A remote overflow exists in IIS Active Server Pages (ASP). IIS fails to allocate the proper size buffer resulting in a heap-based overflow. With a specially crafted request, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
This bug is almost exactly like OSVDB ID#3301, except that it is caused by a different component of the ASP data transfer process and does not affect version IIS version 5.1. Also, the URLScan tool can be used to mitigate this bug, but cannot be used for OSVDB ID#3301.
|
|
Solution |
Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:
1. Disable ASP - Version 1.0 of the IIS Lockdown Tool disables ASP by default, and version 2.1 disables ASP if "Static Web Server" is selected.
2. The URLScan tool can be configured to block chunked encoding requests.
|
|
Products |
|
IIS
 |
4.0 |
5.0 |
|
|
|
|
Tools & Filters |
|
Nikto
|
325
326
485
3373
|
|
Nessus
|
10935
|
|
Snort
|
1618
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
