Re: IIS 5

Tue, 27 Feb 2007 14:07:09 -0800 

Mike,

Mike Coppins wrote:
Have there really been no vulnerabilities in IIS5 since Win2k SP4 Rollup 1? Seems a bit unreal to me... 


Where're you getting your data from? As far as I can see there have been 
two hotfixes released that affect IIS on Windows 2000 since then:


KB 917537 (Microsoft Internet Information Services ASP Code Buffer Overflow)

KB 906910 (Microsoft IIS "500-100.asp" Source Code Disclosure)


Neither of those appear on the list of hotfixes in Rollup 1 
(http://support.microsoft.com/kb/900345/) - which makes sense, since the 
release dates listed for them on secunia 
(http://secunia.com/product/39/?task=advisories) are after April 2005 in 
both cases.



For comparison.. two hotfixes in over 20 months stands up against 4 
released for Apache 1.3.x in the same timeframe.


 - James.

--
  James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

  "The universe is run by the complex interweaving of three
  elements: Energy, matter, and enlightened self-interest." - G'Kar

 https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature














    

  • IIS 5 Mike Coppins
    • 

    • 

    • Re: IIS 5 James (njan) Eaton-Lee
      • 

    










					Reply via email to