That was fast Doug! I saw your patched message and I still haven't seen Mike's original post.
-Kevin > -----Original Message----- > From: Doug White [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 29, 2003 10:16 AM > To: CF-Community > Subject: Re: Internet Information Services 5.0 Denial of service > > > already patched > > ====================================== > Stop spam on your domain, use our gateway! > For CF hosting solutions http://www.clickdoug.com > ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 > ====================================== > If you are not satisfied with my service, my job isn't done! > > ----- Original Message ----- > From: "Haggerty, Mike" <[EMAIL PROTECTED]> > To: "CF-Community" <[EMAIL PROTECTED]> > Sent: Thursday, May 29, 2003 9:08 AM > Subject: FW: Internet Information Services 5.0 Denial of service > > > | Anybody on IIS 5.x? > | > | M > | > | -----Original Message----- > | From: SPI Labs [mailto:[EMAIL PROTECTED] > | Sent: Wednesday, May 28, 2003 3:04 PM > | To: [EMAIL PROTECTED] > | Subject: Internet Information Services 5.0 Denial of service > | > | > | Internet Information Services 5.0 Denial of service > | > | [Release Date] May 29th, 2003 > | Severity: High > | > | [Systems Affected] > | * Microsoft Information Server 5.0 > | * Microsoft Information Server 5.1 > | > | [Description] > | > | If an attacker sends a Webdav request with a body over 49,153 bytes > | using the 'PROPFIND' or 'SEARCH' request methods, IIS will > be forced > | to restart itself. All web server, email, and active ftp > connections > | will be terminated, along with a disruption of future > sessions during > | the time it takes IIS to restart. The complete advisory is also > | available from our website at: > | http://www.spidynamics.com/iis_alert.html > | > | [Remediation] > | Please install the vendor-supplied patch located at > | http://www.microsoft.com/technet/security/bulletin/MS03-018.asp > | > | [Contact Information] > | > | SPI Labs > | SPI Dynamics R&D Team > | [EMAIL PROTECTED] > | 115 Perimeter Center Place > | Suite 270 > | Atlanta, GA 30346 > | Phone: (678)781-4800 > | Toll-Free Phone: (866)774-2700 > | > | > | SPI Dynamics was founded in 2000 by a team of accomplished Web > | security specialists; SPI Dynamics is the leader in Web application > | security technology. With such signature products as > WebInspect, SPI > | Dynamics is dedicated to protecting companies' most > valuable assets. > | SPI Dynamics has created a new breed of Internet security > products for > | the Web application, the most vulnerable yet least secure > component of > | online business infrastructure. > | > | Copyright (c) 2003 SPI Dynamics, Inc. All rights reserved worldwide. > | > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
