Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

IIS Chunked Encoding Transfer Buffer Overflow Vulnerability

From: Rob Pope <rob.pope () vigilante-uk com>
Date: 9 Jul 2002 14:13:10 -0000


Hi,

I am testing an IIS5 server at the moment and my automated vulnerability 
tool reports that the server is vulnerable to the IIS Chunked Encoding 
Transfer Buffer Overflow Vulnerability.

I am trying to confirm this remotely by using the proof of concept script 
at http://online.securityfocus.com/bid/4485/exploit/ on iisstart.asp. I'm 
getting back a HTTP/1.1 100 Continue response.

Can anyone confirm whether this is a positive response?

Many Thanks

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: