Re: RE: SecureIIS - From the Focus-MS list...

From: Riley Hassell (rootat_private)
Date: Wed Aug 01 2001 - 13:50:05 PDT


    The problem was eliminated and we are preparing to release 1.2.1 by the end
    of the day. We also have fixed this in 2.0 which is due out very soon, which
    also includes a whole array of new cool features.
    
    
    Riley Hassell
    Network Penetration Specialist
    eEye Digital Security
    
    Get up...
    and light the world on fire.
    
    
    
    
    ----- Original Message -----
    From: "Jon Zobrist" <kgbat_private>
    To: <vuln-devat_private>
    Sent: Wednesday, August 01, 2001 8:28 AM
    Subject: Fwd: RE: SecureIIS - From the Focus-MS list...
    
    
    > FYI..
    > This message was posted to focus-ms, sounds like a possible exploit/DoS that
    > would affect SecureIIS systems with FrontPage enabled...
    >
    > ----------  Forwarded Message  ----------
    > Subject: RE: SecureIIS
    > Date: Mon, 30 Jul 2001 16:19:08 -0400
    > From: Aaron Dokey <adokeyat_private>
    > To: "'focus-msat_private'" <focus-msat_private>
    >
    >
    > I'm in the process of evaluating the product, and my web people (no matter
    > how hard I try) still use FrontPage 2000 to publish.  I've managed to get
    > publishing working OK, but when someone publishes a semi-large file (e.g. a
    > 6MB access database) the size of my IIS process balloons until it takes up
    > all available memory and eventually renders the box useless until IIS is
    > restarted.  On the client end FP just seems to stick on the file until the
    > server disconnects (from running out of memory).  I've enabled FrontPage
    > extensions in SecureIIS as well as disabled everything having to do with the
    > POST method.
    >
    > I've replicated this problem on two machines, both running WinNT 4.0 SP6a
    > and the latest IIS hotfixes.
    >
    > I sent email to eEye early last week about this problem, and if any of you
    > have encountered a similar problem and the solution I'd be happy to know.
    > I'd like to purchase the product, but I can't run something that has this
    > effect on my web cluster (obviously).
    >
    > -Aaron
    >
    > -----Original Message-----
    > From: p_jenkinsat_private [mailto:p_jenkinsat_private]
    > Sent: Sunday, July 29, 2001 5:20 PM
    > To: Matt.Bartelat_private; focus-msat_private
    > Subject: Re: SecureIIS
    >
    >
    > I have yet to see any published reviews yet but speaking from my own
    > experiences I have been happy with it. I had some problems with FrontPage
    > and Outlook Web Access but the latest version corrected all the problems I
    > was having.
    >
    > Cheers.
    >
    > P Jenkins
    >
    > At Fri, 27 Jul 2001 10:26:31 -0500, "Bartel, Matt" <Matt.Bartelat_private>
    >
    > wrote:
    > >How widely used in the industry is SecureIIS by eEye?
    > >(http://www.secureiis.com/html/Products/SecureIIS/index.html)
    > >
    > >I am thinking of testing this out, and was curious as to whether there were
    > >recommendations, suggestions, reviews or otherwise that would help guide my
    > >decision.  Any opinions, facts, links or otherwise would be appreciated.
    > >
    > >Thank you!
    > >-Matt
    >
    > -------------------------------------------------------
    >
    



    This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 14:14:58 PDT