This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:IIS:WEBDAV:XML-HANDLER-DOS
|
Severity |
Minor
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
Microsoft WebDAV XML Message Handler Denial of Service
|
Release Date |
2004/10/15
|
Update Number |
1213
|
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Microsoft WebDAV XML Message Handler Denial of Service
This signature detects denial-of-service (DoS) attempts against the WebDAV XML Message Handler in Microsoft IIS. Attackers can send a malicious HTTP request to a WebDAV enabled IIS server to cause it to consume all system resources. A machine reboot is required to resume service.
Extended Description
Microsoft XML Parser is prone to a remote denial of service vulnerability when handling malformed requests. The vulnerability can be exploited through the WebDAV XML message handler of Microsoft IIS server.
It is reported that this issue requires a remote attacker to create specially crafted WebDAV requests and send them to a vulnerable server over TCP port 80. There is a possibility of increased CPU resource and memory consumption as the IIS server attempts to process these requests. This can eventually lead to a denial of service condition in the server. A reboot is required to restore normal functionality.
This vulnerability can also be exposed through other applications that rely on Microsoft XML Parser to process XML messages.
Affected Products
- Avaya definityone_media_servers R10
- Avaya definityone_media_servers R11
- Avaya definityone_media_servers
- Avaya ip600_media_servers R10
- Avaya ip600_media_servers R11
- Avaya ip600_media_servers
- Avaya modular_messaging_(mss) 1.1.0
- Avaya modular_messaging_(mss) 2.0.0
- Avaya s3400_message_application_server
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers R11
- Avaya s8100_media_servers
- Microsoft iis 5.0
- Microsoft iis 5.1
- Microsoft iis 6.0
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_web_edition
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional
References