Nessus Plugin #10732
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
IIS 5.0 WebDav Memory Leakage
- Family:
- Denial of Service
- Category:
- infos
- Copyright:
- INTRANODE - 2001
- Summary:
- Check the presence of a Memory Leakage in the IIS 5 httpext.dll (WebDav).
- Version:
- $Revision: 1.20 $
- Cve_id:
- -
- Bugtraq_id:
- 2736
- Xrefs:
- -
- Description:
The WebDav extensions (httpext.dll) for Internet Information
Server 5.0 contains a flaw that may allow a malicious user to
consume all available memory on the target server by sending
many requests using the LOCK method associated to a non
existing filename.
This concern not only IIS but the entire system since the flaw can
potentially exhausts all system memory available.
Vulnerable systems: IIS 5.0 ( httpext.dll versions prior to 0.9.3940.21 )
Immune systems: IIS 5 SP2( httpext.dll version 0.9.3940.21)
Solution: Download Service Pack 2/hotfixes from Microsoft web
at http://windowsupdate.microsoft.com
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.