Microsoft IIS '../..' Denial of Service Vulnerability, variant 2

Against

IIS on NT

IDs

ISS: 1638
Bugtraq: 2218
CVE: CAN-1999-0229
LincolnLabs: 1999-Crashiis
SecuritySpace: 10117

Category

Failure to Handle Exceptional Conditions

Effect

Denial of Service

Source

Lincoln Labs data

Description

It is possible to cause a denial of service in Windows IIS 1.0. By requesting a malformed request comprised of '../..' the server service will stop responding. A restart of the service is required in order to gain normal functionality.

Attack string

GET ../../

Attack program source

None available.