Hello, >>> Microsoft ISA server includes a web proxy component >>> (W3PROXY.EXE) that is used for both the "publishing" >>> of internal web servers to the external network >>> and for proxying of internal requests to external web servers. >>> Sending a URL with a long pathname component to this proxy >>> will cause it to terminate with an access violation error. >>> For example, sending the (valid) HTTP request: >>> GET http://hostname/aaa[3000 more occurences of 'a'] HTTP/1.0\n\n >>> to port 80 on the ISA Server's external interface will cause >>> W3PROXY.EXE to terminate with an access violation. I don't have access to an ISA server for testing, but this DoS attack might also be exploitable from an HTML email message by an outsider using the following <IMG> tag embedded in a message: <img src=http://hostname/aaa[3000 more occurences of 'a']> Another method of generating the DoS attack would be to use JavaScript to create the long URL and then setting the "src" property of an Image object. This code could also be embedded in an HTML email message. Richard
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 12:45:22 PDT