Microsoft IIS GET Request Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running Microsoft IIS Webserver and is prone to denial of service vulnerability.

Impact

Successful exploitation will let the remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Impact Level: Application

Solution

Upgrade to latest version of IIS and latest Microsoft Service Packs. For updated refer, http://www.microsoft.com/

Insight

The flaw is due to an error in the handling of HTTP GET requests that contain a tunable number of '../' sequences in the URL.

Affected

Microsoft Internet Information Server 2.0 and prior on Microsoft Windows NT

References

http://en.securitylab.ru/nvd/246425.php
http://www.iss.net/security_center/reference/vuln/HTTP_DotDot.htm
http://xforce.iss.net/xforce/xfdb/1638

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0229
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
bozotic HTTP server Denial of Service Vulnerability
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
IIS Service Pack - 404
IBM WebSphere Application Server Multiple Vulnerabilities

Microsoft IIS GET Request Denial of Service Vulnerability

Take action and discover your vulnerabilities