|
Family: Denial of Service --> Category: denial
NT IIS Malformed HTTP Request Header DoS Vulnerability Vulnerability Scan
Vulnerability Scan Summary Performs a denial of service against IIS
Detailed Explanation for this Vulnerability Test
It was possible to crash the remote web server
by sending a malformed header request, like :
GET / HTTP/1.1
Host: aaaaaaaaaaaa... (200 bytes)
Host: aaaaaaaaaaaa... (200 bytes)
... 10,000 lines ...
Host: aaaaaaaaaaaa... (200 bytes)
This flaw allows a possible hacker to shut down your
webserver, thus preventing legitimate users from
connecting to your web server.
Solution : See http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx
if you are using IIS. Or else, contact the vendor of
your web server and notify it of this flaw.
Threat Level: High
Bugtraq Id : 579
Click HERE for more information and discussions on this network vulnerability scan.
|