• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ISS RealSecure Server Sensor SSL Denial Of Service Vulnerability

ISS Server Sensor is prone to a denial of service when handling a malicious request over SSL. This vulnerability could be exploited to crash the underlying Microsoft IIS web server. It should be noted that the service may be automatically restarted.

It is not known if this issue affects other platforms or can be exploited to crash other underlying web server implementations.

The researchers who discovered this vulnerability are currently investigating the possibility of exploiting this issue to execute arbitrary code, though sufficient details are not available regarding this at the time of writing. This BID will be updated if more details become available.