Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IIS 5.1 DoS exploit released - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IIS 5.1 DoS exploit released
A Denial of Service (DoS) exploit against IIS 5.1 was brought to our attention. Source code of the exploit is being distributed from multiple sites. The claimed effect of the exploit is to stop the inetinfo.exe process.

We have warned Microsoft and are awaiting a reaction from them.

Confirmation the code works and/or snort IDS signatures will cause updates to this story as we get them.

The smartest mitigation strategy at this point is to plan an upgrade to the most recent version of IIS.

--
Swa Frantzen
Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!