Microsoft IIS 4.0 URL Redirection DoS Vulnerability

Due to the improper handling of URL redirection in IIS 4.0, it is possible to cause a host to stop responding.

This vulnerability is currently being exploited by the 'Code Red' worm. When the worm sends a request in an attempt to infect the target host, IIS 4.0 improperly handles the unusual length of the request and fails.

A restart of the service is required in order to regain normal functionality.

It should be noted that the 'Code Red' worm attempts to exploit a previously discovered vulnerability, BID 2880.


 

Copyright 2010, SecurityFocus