Bugtraq mailing list archives
IIS 4 Advisory - ExAir sample site DoS
From: mnemonix () GLOBALNET CO UK (mnemonix)
Date: Tue, 26 Jan 1999 16:35:41 -0000
This advisory is for those that have Internet Information Server 4 installed with the IIS sample site "ExAir". There are three Active Server Pages that, if called directly without the default ExAir page and associated dlls ever having been loaded into the IIS memory space, will hang and eventually time out after 90 secs - the default script timeout period. Whilst in this state, processor usage increases to 100% and the server becomes very sluggish. These pages are: Exair - root/search/advsearch.asp Exair - root/search/query.asp Exair -root/search/search.asp The Exair directory and all subdirectories should be deleted - they are not needed. NTInfoScan will check if your site is vulnerable to this problem. More information about NTInfoScan can be found at http://www.infowar.co.uk/mnemonix/ntinfoscan.htm Cheers, David Litchfield http://www.infowar.co.uk/mnemonix ps - apologies to the owner of the server.com domain.
Current thread:
- IIS 4 Advisory - ExAir sample site DoS mnemonix (Jan 26)