Malformed URL can cause IIS 5.0 and Exchange 2000 to stop service

zhaozj2021-02-08  267

(Reposted from Green Meng Technology)

Release Date: 2001-3-13

Update Date: 2001-3-13

Affected system:

Microsoft Internet Information Services 5.0

Microsoft Exchange 2000

Description:

-------------------------------------------------- ------------------------------

IIS 5.0 contains a security vulnerability. If an attacker submits a carefully constructed URL whose length falls within a specific range to an affected system, IIS may make a memory allocation error, causing the IIS service to fail.

Exchange 2000 is also affected by the same problem. To support web-based mail clients, Exchange 2000 also provides functionality that is accessible through URLs. Part of this functionality is implemented by IIS 5.0, and the other part resides in Exchange 2000, and both parts of the code have this vulnerability. However, an attack can only make IIS fail and cannot harm the Exchange service itself. The only result is that users can no longer use web-based mail clients to access Exchange; MAPI-based mail clients, such as Outlook, can still access Exchange.

IIS 5.0 restarts automatically after being attacked, so it returns to normal operation once the attack stops.

<* Source: Kevin Kotas of EsecurityOnline.com (http://esecurityonline.com)

Microsoft Security Bulletin (MS01-014): http://www.microsoft.com/technet/security/bulletin/ms01-014.asp

*>

-------------------------------------------------- ------------------------------

Recommendation:

Vendor patch:

Microsoft has released a security bulletin (MS01-014) and corresponding patches for this issue.

Microsoft Security Bulletin (MS01-014):

http://www.microsoft.com/technet/security/bulletin/ms01-014.asp

Patch download:

Microsoft IIS 5.0:

http://www.microsoft.com/downloads/release.asp?releaseid=28155

Microsoft Exchange 2000:

http://www.microsoft.com/downloads/release.asp?releaseid=28369

Note: Exchange 2000 administrators should install both of the patches above.

When reposting, please cite the original address: https://www.9cbs.com/read-2081.html