Microsoft IIS Malformed File Extension Denial Of Service Vulnerability Network Vulnerability

Summary

This host is missing important security update according to Microsoft Bulletin MS00-030.

Impact

Successful exploitation could slow the servers response or stop it altogether. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms00-030

Insight

The flaw is due to error in IIS, If a malicious user request a file from a web server via an URL containing specially malformed file extension data, the server will become unresponsive for some period of time.

Affected

Microsoft Internet Information Server 4.0/5.0

References

http://technet.microsoft.com/en-us/security/bulletin/ms00-030
http://www.iss.net/security_center/reference/vuln/iis-url-extension-data-dos.htm
http://www.ussrback.com/labs40.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2000-0408

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability (2821818)
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
Microsoft Exchange Server Multiple Vulnerabilities (3009712)
Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)

Microsoft IIS Malformed File Extension Denial of Service Vulnerability

Take action and discover your vulnerabilities