|
Family: Denial of Service --> Category: infos
IIS 5.0 WebDav Memory Leakage Vulnerability Scan
Vulnerability Scan Summary Check the presence of a Memory Leakage in the IIS 5 httpext.dll (WebDav).
Detailed Explanation for this Vulnerability Test
The WebDav extensions (httpext.dll) for Internet Information
Server 5.0 contains a flaw that may allow a malicious user to
consume all available memory on the target server by sending
many requests using the LOCK method associated to a non
existing filename.
This concern not only IIS but the entire system since the flaw can
potentially exhausts all system memory available.
Vulnerable systems: IIS 5.0 ( httpext.dll versions prior to 0.9.3940.21 )
Immune systems: IIS 5 SP2( httpext.dll version 0.9.3940.21)
Solution: Download Service Pack 2/hotfixes from Microsoft web
at http://windowsupdate.microsoft.com
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|