Bugtraq mailing list archives

Re: Xato Advisory: FrontPage DOS Device DoS

From: Daniel Docekal <ddoc () MIA CZ>
Date: Wed, 23 Aug 2000 18:58:46 +0200

Small correction.

Windows 2000 (IIS 5.0) and FrontPage 2000 extensions - while GET with DOS
device in name is ACTIVE, server shows 100% cpu utilization, but still works
and serves other requests. After HTTP GET time out, everything is back to
normal and everything _works_ (so no need to restart anything).  Still it
makes computer go to 100% CPU utilization, so IT IS threat. This is true for
any combination shown by sozni in his report.

Daniel

-----Original Message-----
From: sozni [mailto:sozni () XATO NET]
Sent: Wednesday, August 23, 2000 5:18 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Xato Advisory: FrontPage DOS Device DoS


--------------------------------------------------------------
---------

                     Xato Network Security, Inc.
                          www.xato.net

                     Security Advisory XATO-082000-01
                           August 17, 2000


        FRONTPAGE SERVER EXTENSIONS SHTML.EXE DENIAL OF SERVICE

                         --DOS Device DoS--


--------------------------------------------------------------
---------

Systems Affected
================
FrontPage Server Extensions 1.1 for Windows 9.x, windows NT4,
and Windows
2000

Current thread:

Xato Advisory: FrontPage DOS Device DoS sozni (Aug 23)
- <Possible follow-ups>
- Re: Xato Advisory: FrontPage DOS Device DoS Daniel Docekal (Aug 25)
- Re: Xato Advisory: FrontPage DOS Device DoS Microsoft Security Response Center (Aug 25)