Vulnerability Development mailing list archives
Re: MS IIS - HTR still a problem?
From: marc () EEYE COM (Marc)
Date: Fri Mar 24 03:36:39 2000
The .HTR overflow was fixed in service pack 6. The CPU usage was probably something to do with Nessus grinding for cgi holes. The best thing to do though would be to run a sniffer and see what Nessus is sending at the IIS server.

Signed,
Marc
eEye Digital Security
http://www.eEye.com

------------------------
Time: Thu, 23 Mar 2000 17:24:40 +0000
From: Pete Philips <pete () S3 INTEGRALIS CO UK>
Subject: MS IIS - HTR still a problem?

Ref: CVE ID CAN-1999-0874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0874

Playing with IIS 4 at a customer's site the other day, a colleague and I came across the following scenario.

The IIS was patched to SP6a and none of the standard HTR exploits had any effect. It didn't even seem to notice - not even a rise in CPU load.

We then ran Nessus, which caused it to go to 100% CPU for the duration of the attack. It was verified that this was in fact the cause by running this one test alone.

Attempting to apply the MS Hotfix, we were told that the service pack already had a newer version of the fix.

Is IIS still vulnerable to an HTR DoS attack? Anyone found similar?

Pete.

---------------------------------------------------------------
| Pete Philips                                          \|/   |
| Integralis Network Systems                             O    |
| E-mail: pete.philips () integralis co uk                    |
| Phone: +44 118 930 6060                                     |
| PGP Key: http://www.integralis.co.uk/security/pgp/pete.pgp  |
---------------------------------------------------------------