|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ISS Server Sensor Denial of Service
research
enteredge.com
Date: Fri Sep 05 2003 - 11:38:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
EnterEdge has discovered a Denial of Service condition in ISS RealSecure
Server Sensor 7.0. The condition is present when running ISS's RealSecure
Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid
unicode characters via ssl, the server sensor will shut down the IIS
service. This was tested with IIS 5.0 using ISS server sensor 7.0 xpu
20.16 and 20.18. ISS was notified and has since released xpu 20.19 which
resolves this DoS vulnerability.
http://www.enteredge.com/research/can-2003-0702.asp
CVE: CAN-2003-0702
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]