Re: IIS 5
- From: "James (njan) Eaton-Lee" <james.mailing@xxxxxxxxx>
- Date: Tue, 27 Feb 2007 17:09:42 +0000
Mike,
Mike Coppins wrote:
Have there really been no vulnerabilities in IIS5 since Win2k SP4 Rollup 1? Seems a bit unreal to me...
Where're you getting your data from? As far as I can see there have been two hotfixes released that affect IIS on Windows 2000 since then:
KB 917537 (Microsoft Internet Information Services ASP Code Buffer Overflow)
KB 906910 (Microsoft IIS "500-100.asp" Source Code Disclosure)
Neither of those appear on the list of hotfixes in Rollup 1 (http://support.microsoft.com/kb/900345/) - which makes sense, since the release dates listed for them on secunia (http://secunia.com/product/39/?task=advisories) are after April 2005 in both cases.
For comparison.. two hotfixes in over 20 months stands up against 4 released for Apache 1.3.x in the same timeframe.
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
"The universe is run by the complex interweaving of three
elements: Energy, matter, and enlightened self-interest." - G'Kar
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- References:
- IIS 5
- From: Mike Coppins
- IIS 5
- Prev by Date: RE: Vista "complaints"
- Next by Date: RE: Vista "complaints"
- Previous by thread: IIS 5
- Index(es):
Relevant Pages
|
