Summary
A Cross-Site Scripting (XSS) vulnerability affecting IIS 4.0, 5.0 and 5.1 involving the error message that's returned to advise that a
requested URL has been redirected.
An attacker who was able to lure a user into clicking a link on his or her web site could relay a request containing script to a
third-party web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user.
The script would then render using the security settings of the third-party site rather than the attacker's. A buffer overrun that results because IIS 5.0 does not correctly validate requests for certain types of web pages known as server side includes.
A denial of service vulnerability that results because of a flaw in the way IIS 4.0 and 5.0 allocate memory requests when constructing
headers to be returned to a web client.
A denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them. As a result an attacker could cause IIS to fail.
Solution
Microsoft has released a patch to correct these issues
There is a dependency associated with this patch - it requires the patch from Microsoft Security Bulletin MS02-050 to be installed.
If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch.
IIS 4.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1DBC1914-98E9-4DED-ADBF-E9B374A1F79D&displaylang=en
IIS 5.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2F5D9852-4ADD-44F8-8715-AC3D7D7D94BF&displaylang=en
IIS 5.1:
32-bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=77CFE3EF-C5C5-401C-BC12-9F08154A5007&displaylang=en
64-bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=86F4407E-B9BF-4490-9421-008407578D11&displaylang=en
The IIS 4.0 patch can be installed on systems running Windows NT 4.0 Service Pack 6a. http://support.microsoft.com/kb/241211
The IIS 5.0 patch can be installed on systems running Windows 2000 Service Pack 2 or Service Pack 3. http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.mspx http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/default.mspx
The IIS 5.1 patch can be installed on systems running Windows XP Professional Gold and Service Pack 1. http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Severity
Classification
-
CVE CVE-2003-0223, CVE-2003-0224, CVE-2003-0225, CVE-2003-0226 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)