Alert: Microsoft Security Bulletin MS04-030 - Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
From: Russ Cooper (Russ.Cooper_at_TRUSECURE.CA)
Date: 10/12/04
- Previous message: Russ Cooper: "Alert: Microsoft Security Bulletin MS04-029 - Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Oct 2004 13:23:28 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-030:
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx>
Version Number: 1.0
Issued Date: Tuesday, October 12, 2004
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Patch(es) Replaced: None
Caveats: This update contains a functionality change that may affect some applications. The affected applications issue valid WebDAV requests that have many XML attributes. For more information, see 'Does this update contain any other changes to functionality?' under 'Frequently asked questions (FAQ) related to this security update.'
Tested Software:
Affected Software:
------------------
* Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
<http://tinyurl.com/5fame>
* Microsoft Windows XP and Microsoft Windows XP Service Pack 1
<http://tinyurl.com/4j4qd>
* Microsoft Windows XP 64-Bit Edition Service Pack 1
<http://tinyurl.com/44zbt>
* Microsoft Windows XP 64-Bit Edition Version 2003
<http://tinyurl.com/5tu3v>
* Microsoft Windows Server(tm) 2003
<http://tinyurl.com/5xo7u>
* Microsoft Windows Server 2003 64-Bit Edition
<http://tinyurl.com/5tu3v>
Affected Components:
--------------------
* Internet Information Services 5.0
* Internet Information Services 5.1
* Internet Information Services 6.0
Technical Description:
----------------------
* WebDAV Vulnerability - CAN-2004-0718: A denial of service vulnerability exists that could allow an attacker to send a specially crafted WebDAV request to a server that is running IIS and WebDAV. An attacker could cause WebDAV to consume all available memory and CPU time on an affected server. The IIS service would have to be restarted to restore functionality.
This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1664.40858)
Cheers,
Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor
-- NTBugtraq Editor's Note: Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field. --
- Previous message: Russ Cooper: "Alert: Microsoft Security Bulletin MS04-029 - Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
