already patched ====================================== Stop spam on your domain, use our gateway! For CF hosting solutions http://www.clickdoug.com ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 ====================================== If you are not satisfied with my service, my job isn't done!
----- Original Message ----- From: "Haggerty, Mike" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Thursday, May 29, 2003 9:08 AM Subject: FW: Internet Information Services 5.0 Denial of service | Anybody on IIS 5.x? | | M | | -----Original Message----- | From: SPI Labs [mailto:[EMAIL PROTECTED] | Sent: Wednesday, May 28, 2003 3:04 PM | To: [EMAIL PROTECTED] | Subject: Internet Information Services 5.0 Denial of service | | | Internet Information Services 5.0 Denial of service | | [Release Date] May 29th, 2003 | Severity: High | | [Systems Affected] | * Microsoft Information Server 5.0 | * Microsoft Information Server 5.1 | | [Description] | | If an attacker sends a Webdav request with a body over 49,153 bytes using | the 'PROPFIND' or 'SEARCH' request methods, IIS will be forced to restart | itself. All web server, email, and active ftp connections will be | terminated, along with a disruption of future sessions during the time it | takes IIS to restart. The complete advisory is also available from our | website at: http://www.spidynamics.com/iis_alert.html | | [Remediation] | Please install the vendor-supplied patch located at | http://www.microsoft.com/technet/security/bulletin/MS03-018.asp | | [Contact Information] | | SPI Labs | SPI Dynamics R&D Team | [EMAIL PROTECTED] | 115 Perimeter Center Place | Suite 270 | Atlanta, GA 30346 | Phone: (678)781-4800 | Toll-Free Phone: (866)774-2700 | | | SPI Dynamics was founded in 2000 by a team of accomplished Web security | specialists; SPI Dynamics is the leader in Web application security | technology. With such signature products as WebInspect, SPI Dynamics is | dedicated to protecting companies' most valuable assets. SPI Dynamics has | created a new breed of Internet security products for the Web application, | the most vulnerable yet least secure component of online business | infrastructure. | | Copyright (c) 2003 SPI Dynamics, Inc. All rights reserved worldwide. | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
