OSVDB ID: 3184

Title: IISShield HTTP Request Bypass Ruleset

Dates

Disclosure: Aug 05, 2003
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

IISShield contains a flaw that may allow a remote attacker to bypass the default rules that prevent malicious attacks from reaching the IIS server. The flaw occurs when a specific byte check is sent to the server: IISShield recognizes it as a bad request but fails to drop the request.

Classification

Unknown or Incomplete

Solution

Upgrade to version 1.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

KodeIT IISShield 1.0.1

References

Credit

  • Tiago Halm - thalmhotmail.com - KodeIT Development Team


Direct URL: http://osvdb.org/3184