Microsoft IIS Malformed File Extension Denial Of Service Vulnerability Network Vulnerability

Summary

This host is missing important security update according to Microsoft Bulletin MS00-030.

Impact

Successful exploitation could slow the servers response or stop it altogether. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms00-030

Insight

The flaw is due to error in IIS, If a malicious user request a file from a web server via an URL containing specially malformed file extension data, the server will become unresponsive for some period of time.

Affected

Microsoft Internet Information Server 4.0/5.0

References

http://technet.microsoft.com/en-us/security/bulletin/ms00-030
http://www.iss.net/security_center/reference/vuln/iis-url-extension-data-dos.htm
http://www.ussrback.com/labs40.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2000-0408

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Microsoft Lync Server Remote Denial of Service Vulnerability (2990928)
Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
Microsoft Graphics Component Information Disclosure Vulnerability (3013126)
Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)

Microsoft IIS Malformed File Extension Denial of Service Vulnerability

Take action and discover your vulnerabilities