ISS Server Sensor Denial of Service





EnterEdge has discovered a Denial of Service condition in ISS RealSecure
Server Sensor 7.0. The condition is present when running ISS's RealSecure
Server Sensor 7.0 on a Microsoft IIS server with SSL. When invalid Unicode
characters are passed via SSL, the server sensor shuts down the IIS
service. This was tested with IIS 5.0 using ISS Server Sensor 7.0 XPU
20.16 and 20.18. ISS was notified and has since released XPU 20.19, which
resolves this DoS vulnerability.



http://www.enteredge.com/research/can-2003-0702.asp

CVE: CAN-2003-0702
