[31440] in bugtraq


ISS Server Sensor Denial of Service

daemon@ATHENA.MIT.EDU (research@enteredge.com)
Fri Sep 5 13:14:32 2003

Date: 5 Sep 2003 16:38:04 -0000
Message-ID: <20030905163804.18255.qmail@sf-www2-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <research@enteredge.com>
To: bugtraq@securityfocus.com



EnterEdge has discovered a Denial of Service condition in ISS RealSecure
Server Sensor 7.0. The condition is present when running ISS's RealSecure
Server Sensor 7.0 on a Microsoft IIS server with SSL. When invalid
Unicode characters are passed via SSL, the server sensor will shut down the
IIS service. This was tested with IIS 5.0 using ISS Server Sensor 7.0 XPU
20.16 and 20.18. ISS was notified and has since released XPU 20.19, which
resolves this DoS vulnerability.

http://www.enteredge.com/research/can-2003-0702.asp
CVE: CAN-2003-0702
