Microsoft IIS ISAPI Filter Access Violation Denial of Service Vulnerability

A vulnerability has been identified in the way Microsoft Internet Information Server handles URL errors.

If certain ISAPI filters receive a URL that exceeds the maximum allowable length, the IIS service will fail. The ISAPI filter involved in this vulnerability is installed by Front Page Server Extensions and ASP.NET.

On IIS 4.0 servers, the service must be manually restarted. On IIS 5.0 and 5.1 servers, the service will restart itself automatically.

Custom ISAPI filters may also be affected by this condition.

A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.


Privacy Statement
Copyright 2010, SecurityFocus