Microsoft IIS 4.0 Domain Resolution Vulnerability

IIS 4.0 and CIS 2.5 allow an administrator the option to restrict access by specifying a domain or an IP address If a domain is restricted, but a machine in that domain that cannot be resolved makes an HTTP request, the IIS server will respond as usual. Any subsequent requests will be denied.

Restricted hosts with an IP address that can be resolved to a domain name will be denied access from the first request.


Privacy Statement
Copyright 2010, SecurityFocus