Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability

IIS 4.0 is subject to a denial of service due to the mishandling of URL requests. This issue is a result of a flaw in Windows NT 4.0.
If a remote user requests a specifically malformed URL, an invalid memory request is made by inetinfo.exe. The end result is that all system resources are used until inetinfo.exe is eventually automatically shut down by NT. A restart of the service is required in order to gain normal functionality.


 

Privacy Statement
Copyright 2010, SecurityFocus