[22160] in bugtraq
FW: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects can crash from Code Red
daemon@ATHENA.MIT.EDU (Hugh Choudhury)
Thu Aug 9 16:36:53 2001
Reply-To: <hugh.choudhury@webhostdir.com>
From: "Hugh Choudhury" <hugh.choudhury@webhostdir.com>
To: <bugtraq@securityfocus.com>
Date: Thu, 9 Aug 2001 18:55:49 +0100
Message-ID: <438D02DB00EBD311800A00B0D0215F521FCCEF@ITS>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
You guys seen this ? Further problems over and above Code Red patches
-----Original Message-----
From: brett@techmesa.com [mailto:brett@techmesa.com]
Sent: 09 August 2001 18:00
To: IISAnswers Newsletter
Subject: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects can
crash from Code Red
*************************************************
* IIS Bulletin
* NT4 Sites with Redirects can crash from Code Red
**************************************************
It has been confirmed that despite being patched, some NT4 servers are
subject to crashing when processing URLS from Code Red and its variants.
This occurs on patched NT4 servers that use redirection. W2K is not
affected. Those of you using redirection enabled in the IIS Snap-in
should take immediate action to ensure you are not vulnerable to this
problem.
This is not a problem if you use scripting to redirect your site or
pages.
Microsoft evidently knows about this but has not commented on it
publicly.
Below is the posting including a response from a Microsoft IIS support
team member about the problem.
http://archives.neohapsis.com/archives/incidents/2001-08/0218.html
Dang, this bug is hard to squash!
-brett
---------------------------------
Now Registering for IIS FastTrack
http:/www.iistraining.com
---
This is an announcement only list, do not reply.
You are currently subscribed to iisanswers as: hugh.choudhury@webhostdir.com
To unsubscribe send a blank email to
leave-iisanswers-15362Y@lyris.iislists.com
