Mike,

Mike Coppins wrote:
> Have there really been no vulnerabilities in IIS5 since Win2k SP4 Rollup
> 1? Seems a bit unreal to me...

Where're you getting your data from? As far as I can see there have been
two hotfixes released that affect IIS on Windows 2000 since then:

KB 917537 (Microsoft Internet Information Services ASP Code Buffer Overflow)

KB 906910 (Microsoft IIS "500-100.asp" Source Code Disclosure)

Neither of those appear on the list of hotfixes in Rollup 1
(http://support.microsoft.com/kb/900345/) - which makes sense, since the
release dates listed for them on secunia
(http://secunia.com/product/39/?task=advisories) are after April 2005 in
both cases.

For comparison.. two hotfixes in over 20 months stands up against 4
released for Apache 1.3.x in the same timeframe.

- James.

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

"The universe is run by the complex interweaving of three
elements: Energy, matter, and enlightened self-interest." - G'Kar

https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
0? *?H?÷

 ?0?

10 +0? *?H?÷


 ? ü0?ú0?â 
`0
 *?H?÷


0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷


support (at) cacert (dot) org0 [email concealed]
061218190127Z
071218190127Z0B10UCAcert WoT User1&0$ *?H?÷


james.mailing (at) gmail (dot) com0 [email concealed]?
"0
 *?H?÷



?
0?

?

ër&âQ?p?ËOÏD±x??D÷u?)¢×?O?K·¨í̳u#ú/¹CFu'ܳiÖHhþZ}?¾p¯?1.)ó?W
ȶº`æ¦à®?»zÓçµ?XQ?ځZ±5!¥5°Í* êX¿?i?«>ïð¼¬å½mt?E?@
Txúj&U=bh&¼??ø¶·lÙӐj¦È@ÄÞ?j?¬??â3EiíKÁ??;À»ÅËD?
¶ô@Ï¥?/;>r¹»ü??ñýÇñ?X?º/e¿S®}?'?6öâÅ???^¡êG?ål`P{?r»{@Û6¼B¹ j!Õ?X«

£Á0¾0U

ÿ00V `?H
?øB

IGTo get your own certificate for FREE head over to http://www.CAcert.org02+


&0$0"+
0
?http://ocsp.cacert.or
g0"U0james.mailing (at) gmail (dot) com0 [email concealed]
 *?H?÷


?
s@UgOrþ´²?ãMÈ{P±"MôØÀÅ¢zp«?ø1+ HX[M?ƝbÞñ@H½]pÆté?X¼à/öïN
+Aå{??FÅ8lf§/2ïÙ²Ü)µü2ýt?®Ô¸~?ên<?°2?Åã? CÝ8¥?Gå?oþ°´x³¹ß4Lsî¸LÌ?&lZ¡Ú?Â^Ӂ,
?Àþ/NrÌZô°Ê¤Ö?~"i0*yYí¡
[ÈF4¥#ÎP¨t?® Ã{è¤{?
ªg?#-9Ö<®iFãª"À?"Û¸FJFûÏýQÅÔßhv~
Ü.?®N?oK7Yãk?w¤H?ñ1w\je!Õ2
å?³óåÒÿ?òµ¡?eþrL*©Ñ;~"Ë×N#âéÊ6Û?]Vkx¬D³Èñ°??¬J?tbµ?ÔʪíäÖs:
t??xSbö5¯fû¿$IGÅóâÔ7·âm?ÞYô<í <üxõ¯jBÑ4"êt?«»ÕÎä¸?[˳a5-̨^ËWÙÓ1ìvc$¹ñ?ÀNÝS[ÜÁý¢)ó?Ï%{¿ üg=ë?å»uS¬BQ~Õ®3?GÛX?gbé~àBÚ?eàÑn%ót?vÊF?gG̺?þ?^,*èx3k?÷táZrf'¥??Å0
?ú0?â 
`0
 *?H?÷


0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷


support (at) cacert (dot) org0 [email concealed]
061218190127Z
071218190127Z0B10UCAcert WoT User1&0$ *?H?÷


james.mailing (at) gmail (dot) com0 [email concealed]?
"0
 *?H?÷



?
0?

?

ër&âQ?p?ËOÏD±x??D÷u?)¢×?O?K·¨í̳u#ú/¹CFu'ܳiÖHhþZ}?¾p¯?1.)ó?W
ȶº`æ¦à®?»zÓçµ?XQ?ځZ±5!¥5°Í* êX¿?i?«>ïð¼¬å½mt?E?@
Txúj&U=bh&¼??ø¶·lÙӐj¦È@ÄÞ?j?¬??â3EiíKÁ??;À»ÅËD?
¶ô@Ï¥?/;>r¹»ü??ñýÇñ?X?º/e¿S®}?'?6öâÅ???^¡êG?ål`P{?r»{@Û6¼B¹ j!Õ?X«

£Á0¾0U

ÿ00V `?H
?øB

IGTo get your own certificate for FREE head over to http://www.CAcert.org02+


&0$0"+
0
?http://ocsp.cacert.or
g0"U0james.mailing (at) gmail (dot) com0 [email concealed]
 *?H?÷


?
s@UgOrþ´²?ãMÈ{P±"MôØÀÅ¢zp«?ø1+ HX[M?ƝbÞñ@H½]pÆté?X¼à/öïN
+Aå{??FÅ8lf§/2ïÙ²Ü)µü2ýt?®Ô¸~?ên<?°2?Åã? CÝ8¥?Gå?oþ°´x³¹ß4Lsî¸LÌ?&lZ¡Ú?Â^Ӂ,
?Àþ/NrÌZô°Ê¤Ö?~"i0*yYí¡
[ÈF4¥#ÎP¨t?® Ã{è¤{?
ªg?#-9Ö<®iFãª"À?"Û¸FJFûÏýQÅÔßhv~
Ü.?®N?oK7Yãk?w¤H?ñ1w\je!Õ2
å?³óåÒÿ?òµ¡?eþrL*©Ñ;~"Ë×N#âéÊ6Û?]Vkx¬D³Èñ°??¬J?tbµ?ÔʪíäÖs:
t??xSbö5¯fû¿$IGÅóâÔ7·âm?ÞYô<í <üxõ¯jBÑ4"êt?«»ÕÎä¸?[˳a5-̨^ËWÙÓ1ìvc$¹ñ?ÀNÝS[ÜÁý¢)ó?Ï%{¿ üg=ë?å»uS¬BQ~Õ®3?GÛX?gbé~àBÚ?eàÑn%ót?vÊF?gG̺?þ?^,*èx3k?÷táZrf'¥??Å1
??0??

0?0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷


support (at) cacert (dot) org [email concealed]`0 + ?
Û0 *?H?÷

1 *?H?÷


0 *?H?÷

1
070227170942Z0# *?H?÷

1$Ԑ©É¬ÆÝdO÷nÊ#ß$¶ô0R *?H?÷

1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷

@0+0
*?H?÷

(0? +

?71?0?0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷


support (at) cacert (dot) org [email concealed]`0?*?H?÷

1? ?0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0 *?H?÷


support (at) cacert (dot) org [email concealed]`0
 *?H?÷



?

ÓrùA¹-ìTú ¿EÙ?:ÑêW´?¯ØiIty|s?[
âWݼ?<½m?ç?12,LhåªVü?!ÛPÕìÅ÷?@?¼¨½BrÒÅh×À)??À|ˤ??³è?ä÷«YÑä
TÅC¤½
§Ó.1ô±Ó-Tum=|¬Ä'a??" Þ[ç?rK¼êY?î/£, {Ä©Ô¼ d÷Oé¼À8ûÖÇ»"FPP?°Å4?j÷%*ÿ"Φ£?toén)
I°e¬"âÛV[}01Û?ÿó´LáGÓZGj»?Ï¡tË?£?ÕÎ5FáǸ

[ reply ]