Vulnerability Development mailing list archives

Re: Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667)

From: Ivan Hernandez <ivan.hernandez () globalsis com ar>
Date: Wed, 06 Mar 2002 15:41:11 -0300

Your understood is correct. Your patch would solve the problem correctly !

Ivan Hernandez

Bob at firstcodings wrote:

Hi members,

I think no patch has been released at this day.... so, I wrote one myself
using ISAPI filters.
As I understood RFCs, a hit generated by a "GET" method, does not need the
"Content-Length:" header. If this is true, I think my filter is correct.

The page is http://bob.firstcodings.com/programs/dropcontentlengthget/
(source code is included). For now, please consider this filter as "beta
release".
I installed this filter on a production server which has an average load :
after 2 days and at this point, all is fine. Above all, exploit described in
bid 3667 does not work anymore.

Thanks to email me at "dropContentLengthGet () firstcodings net" for any
comments/feedbacks/suggestions about this filter.


Bob - firstcodings.
P.S : my english may not be correct, sorry :)

Current thread:

Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667) Bob at firstcodings (Mar 04)
- Re: Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667) Ivan Hernandez (Mar 06)