Short Name |
HTTP:IIS:ODATA-PROTOCOL-DOS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Information Services OData web applications Protocol Denial Of Service |
Release Date |
2013/01/06 |
Update Number |
2222 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Information Services(IIS) OData protocol. An attacker can send a specially crafted URL request to a Web page hosted by Internet Information Services. If successful, the attacker can interrupt service where the server would become un-responsive.
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."