Microsoft IIS ExAir sample site denial of service
| iis-exair-dos (2229) |  Medium Risk |
Description:
Installations of Internet Information Server (IIS) that include the "ExAir" sample site pages are vulnerable to a denial of service attack. If certain ExAir .asp (active server page) pages are requested directly and not from the main page, the pages do not load the needed DLLs correctly, and the server's CPU usage increases to 100%. By submitting such a request for these .asp pages, an attacker can exhaust all CPU resources on the server.
Platforms Affected:
- Microsoft, IIS 4.0
- Microsoft, Windows 2000
- Microsoft, Windows NT 4.0
Remedy:
Remove the IIS ExAir Sample Site from your installation of IIS. More information is available in the Getting Started with the Windows NT 4.0 Option Pack white paper, available from the Microsoft Web site. See References.
Consequences:
Denial of Service
References:
- BugTraq Mailing List, Tue, 26 Jan 1999 16:35:41 -0000, IIS 4 Advisory - ExAir sample site DoS at http://archives.neohapsis.com/archives/bugtraq/1999_1/0336.html.
- Microsoft Corporation Web site, Getting Started with the Windows NT 4.0 Option Pack at http://www.microsoft.com/ntserver/appservice/deployment/planguide/ntopdg.asp.
- BID-193: NT IIS4 DoS - ExAir Sample Site Vulnerability
- CVE-1999-0449: The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
- OSVDB ID: 2: Microsoft IIS ExAir search.asp Direct Request DoS
- OSVDB ID: 3: Microsoft IIS ExAir query.asp Direct Request DoS
- OSVDB ID: 4: Microsoft IIS ExAir advsearch.asp Direct Request DoS
Reported:
Jan 26, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net