NT IIS SSL DoS Vulnerability

NT Servers running IIS with SSL security enabled are susceptible to a DoS attack due to the server's inability to differentiate between pages that require SSL and those that don't. Therefore, by replacing the 'http' string in the URL with 'https' the server can be forced to encrypt any content in the web site, including high-bandwidth pages. An attacker could, with carefully planned https requests, drive the processor utilization to 100% resulting in extreme slowdown or even failure of the server.


Privacy Statement
Copyright 2010, SecurityFocus