Microsoft IIS 3.0 .htr Missing Variable Denial of Service Vulnerability

Microsoft IIS 3.0 shipped with a number of HTR scripts, one of which could be used to cause a Denial of Service against the hosting machine. Although these scripts were only distributed with IIS 3.0, they would be retained during upgrade to 4.0 or 5.0 and therefore these versions may be vulnerable if they were installed as an upgrade to 3.0. The vulnerable script is used to browse directories and normally expects a directory name as a variable. If a request with this variable blank is received, the script enters an infinite loop resulting in system resource exhaustion. No further details were made available by Microsoft.


Privacy Statement
Copyright 2010, SecurityFocus