Alnini.comEnterprise Computing » Corporate Security » Microsoft
  

Microsoft "Malformed Web Form Submission" Vulnerability Patch (IIS 5.0) MS00-100


This patch eliminates a security vulnerability in a component that ships as part of Microsoft Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected Web server from providing useful service.

The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow Web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process Web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.

To resume normal operation on an IIS 4.0 server, the operator would need to restart the service. In contrast, if an IIS 5.0 server were attacked via this vulnerability, the IIS service would, by default, automatically restart almost immediately. Although any Web sessions that were in progress at the time of the attack would be lost, the server would be able to accept new connections as soon as the service was restarted. FPSE is installed by default as part of IIS 4.0 and 5.0, but, in keeping with best practices, Microsoft recommends that they be disabled if not needed.

Note: This IIS 5.0 patch can be applied atop a system running either Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 2.

Publisher:

File size:

576KB

Date added:

09/01/2001

Licence:

Free

Requirements:

Windows 2000

Un/Install:

No

Downloads:

1,538

Download Now!

See Also

VisualLookout 5.0g

Monitor and record activity on your network.

ZoneAlarm Pro 5.1.011

Apply comprehensive and customizable security to your Internet connection.

PacketAlarm 4.0

Establish a barrier against attacks and unauthorized access to your network.

Partners
• 

RSS | FAQ |

Links | Maestro

Copyright © 2004-2023 Alnini, Inc. All Rights Reserved. Privacy Policy | Terms of UseGeneration time: 0.02 | SQL queries: 8