IIS Chunked Encoding Transfer Buffer Overflow Vulnerability

From: Rob Pope (rob.pope@vigilante-uk.com)
Date: Tue Jul 09 2002 - 07:13:10 PDT

    Hi,
    
    I am testing an IIS5 server at the moment and my automated vulnerability 
    tool reports that the server is vulnerable to the IIS Chunked Encoding 
    Transfer Buffer Overflow Vulnerability.
    
    I am trying to confirm this remotely by using the proof of concept script 
    at http://online.securityfocus.com/bid/4485/exploit/ on iisstart.asp. I'm 
    getting back an HTTP/1.1 100 Continue response.
    
    Can anyone confirm whether this is a positive response?
    
    Many Thanks
    



    This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 11:25:42 PDT