Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:IIS:ODATA-PROTOCOL-DOS |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Information Services OData web applications Protocol Denial Of Service |
Release Date |
2013/01/06 |
Update Number |
2222 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Internet Information Services OData web applications Protocol Denial Of Service
This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Information Services(IIS) OData protocol. An attacker can send a specially crafted URL request to a Web page hosted by Internet Information Services. If successful, the attacker can interrupt service where the server would become un-responsive.
Extended Description
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Affected Products
- Microsoft management_odata_iis_extension -
- Microsoft .net_framework 3.5
- Microsoft .net_framework 3.5.1
- Microsoft .net_framework 4.0
References
- CVE: CVE-2013-0005