Info

Disclosure

Jan 26, 1999

Discovery

Unknown

Dates

Exploit

Jan 26, 1999

Solution

Unknown

Description

Microsoft IIS contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the presence of a default script (search.asp) of a sample site named "ExAir". If the script is called without having the proper DLL files running, it will cause the server CPU to increase to 100% usage.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Delete the sample scripts from the web server, or restrict access to them.

Products

Microsoft Corporation

IIS

4.0

References

Bugtraq ID: 193
CVE ID: 1999-0449 (see also: NVD)
ISS X-Force ID: 2229
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html

Credit

David Litchfield - mnemonixGLOBALNET.CO.UK - Personal Page

Direct URL: http://osvdb.org/36218