Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Whats wrong with the way IIS 4.0 performs URL redirection?

IIS performs url redirection wrong
0
Posted

Whats wrong with the way IIS 4.0 performs URL redirection?

0 CommentsAdd a Comment

1 Answer

0

Within a web page request is information that says how long the request is. If that information is incorrect, and the request’s actual length is longer, it sets off a complex chain of events that ultimately cause the service to fail. This sounds like a potential buffer overrun. Is it? No. The request does not overrun any buffers. This is an important point, because it means that this issue can only be used to disrupt service – not gain control of the server. What could an attacker do via this vulnerability? An attacker could send such a request to a server in an attempt to prevent the server from performing useful service. What would be required to put the server back into service? The administrator could restore normal service by restarting the IIS 4.0 service. Why is the Code Red worm implicated in this issue? When the worm tries to infect a server, it does so by sending a request that attempts to exploit the vulnerability discussed in Microsoft Security Bulletin MS01-033. However, t

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123