Microsoft IIS 4.0 'Chunked Encoding Post' Vulnerability patchMicrosoft has released a patch that eliminates a security vulnerability in Microsoft? Internet Information Server 4.0. The vulnerability could allow a malicious user to consume all resources on a web | |
Download |
Microsoft IIS 4.0 'Chunked Encoding Post' Vulnerability patch Ranking & Summary
Advertisement
Microsoft IIS 4.0 'Chunked Encoding Post' Vulnerability patch Tags
- vulnerability checker vulnerability webpage vulnerability server vulnerability vulnerability scanner Microsoft Security Essentials LSASS vulnerability vulnerability detector Detect Vulnerability Vulnerability Detection consume rows consume software vulnerability vulnerability report Vulnerability Finder Vulnerability Searcher Windows Server security patch network vulnerability security vulnerability vulnerability tester test vulnerability Vulnerability Protection Vulnerability Analysis Web Vulnerability Scanner Web Vulnerability Messenger Vulnerability Vulnerability Assessment Informix Vulnerability DB2 Vulnerability Oracle Vulnerability SQL Server Vulnerability Scan Vulnerability XSS vulnerability vulnerability update vulnerability news test web server vulnerability Vulnerability Scan Scan for Vulnerability Vulnerability Repair Repair Vulnerability vulnerability management SQL injection vulnerability vulnerability identification microsoft baseline security ana
Microsoft IIS 4.0 'Chunked Encoding Post' Vulnerability patch Description
Microsoft has released a patch that eliminates a security vulnerability in Microsoft? Internet Information Server 4.0. The vulnerability could allow a malicious user to consume all resources on a web server and prevent it from servicing other users (aka Denial of Service Attack). IIS 4.0 supports chunked encoding transfers, but does not limit the size of the buffer that can be reserved. This would allow a malicioususer to request an extremely large buffer for a POST or PUT operation, but never actually send data, thereby blocking memory on the server that had been allocated to the session. If sufficient memory on the server were blocked in this fashion, it could prevent the server from performing useful work. There is no capability through this attack to create, modify or delete data on the server, nor is there anycapability to usurp administrative control of the server. If the malicious user closed his session, the memory would be released and the server's operation would return to normal.Otherwise, the machine could be put back into normal service by stopping and restarting the service.
Microsoft IIS 4.0 'Chunked Encoding Post' Vulnerability patch Related Software