Microsoft IIS Long URL Denial of Service Vulnerability

Microsoft IIS Long URL Denial of Service Vulnerability

Microsoft Internet Information Server is vulnerable to a denial of service.

This particular denial of service affects versions 2.0, 3.0 and 4.0 of the server prior to service pack 4.

The URL which causes this issue is of the format "http://server/?anything=XXXXX" - note that no existing file need be requested.

This is not a buffer overflow; a URL of specific length must be sent (between 4k and 8k), anything longer or shorter will not affect the server.