Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
ISS Server Sensor Denial of Service
Sep 05 2003 04:38PM
research enteredge com
EnterEdge has discovered a Denial of Service condition in ISS RealSecure
Server Sensor 7.0. The condition is present when running ISS's RealSecure
Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid
unicode characters via ssl, the server sensor will shut down the IIS
service. This was tested with IIS 5.0 using ISS server sensor 7.0 xpu
20.16 and 20.18. ISS was notified and has since released xpu 20.19 which
resolves this DoS vulnerability.
http://www.enteredge.com/research/can-2003-0702.asp
CVE: CAN-2003-0702
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
EnterEdge has discovered a Denial of Service condition in ISS RealSecure
Server Sensor 7.0. The condition is present when running ISS's RealSecure
Server Sensor 7.0 on a Microsoft IIS server with SSL. By passing invalid
unicode characters via ssl, the server sensor will shut down the IIS
service. This was tested with IIS 5.0 using ISS server sensor 7.0 xpu
20.16 and 20.18. ISS was notified and has since released xpu 20.19 which
resolves this DoS vulnerability.
http://www.enteredge.com/research/can-2003-0702.asp
CVE: CAN-2003-0702
[ reply ]