Microsoft IIS '../..' Denial of Service Vulnerability, variant 1

Against

IIS on NT

IDs

SecuritySpace: 10117
ISS: 1638
Bugtraq: 2218
CVE: CAN-1999-0229
LincolnLabs: 1999-Crashiis

Category

Failure to Handle Exceptional Conditions

Effect

Denial of Service

Source

No Source information

Description

It is possible to cause a denial of service in Windows IIS 1.0. By requesting a malformed request comprised of '../..' the server service will stop responding. A restart of the service is required in order to gain normal functionality.

Attack string

GET ../..

Attack program source

None available.