Microsoft IIS '../..' Denial of Service Vulnerability, variant 1

Against

IIS on NT

IDs

LincolnLabs: 1999-Crashiis
CVE: CAN-1999-0229
SecuritySpace: 10117
ISS: 1638
Bugtraq: 2218

Category

Failure to Handle Exceptional Conditions

Effect

Denial of Service

Source

No Source information

Description

It is possible to cause a denial of service in Windows IIS 1.0. By requesting a malformed request comprised of '../..' the server service will stop responding. A restart of the service is required in order to gain normal functionality.

Attack string

GET ../..

Attack program source

None available.