Vulnerability Development mailing list archives
Re: IIS Vulnerability Content-Type overflow
From: Syzop <syz () dds nl>
Date: Tue, 03 Dec 2002 23:48:40 +0100
Hi, at4r wrote:
while testing a few days ago how to reproduce the lastest mdac rds vulnerability i found that a specially malformed http request to an IIS Webserver can allow a buffer overflow.
* I don't see a crash * I don't see "big CPU consume". If I flood with this at 2.8MB/s (!) I get ~25% CPU usage @ AMD 1800+. * You can get the same thing with: perl -e 'print "A"x200000'|nc <IP> 80 Cya, Bram Matthys (Syzop).
Current thread:
- IIS Vulnerability Content-Type overflow at4r (Dec 03)
- Re: IIS Vulnerability Content-Type overflow Syzop (Dec 03)
- Re: IIS Vulnerability Content-Type overflow Dan Hanson (Dec 03)