Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:970 |
Message | WEB-IIS multiple decode attempt |
Summary | This event is generated when an attempt is made to cause a denial of service of WWW Publishing Service and IIS Administration software. |
Impact | Denial of service. This attack may cause a vulnerable server to stop. |
Detailed Information | Outlook Web Access (OWA) is an optional feature of Microsoft Exchange Server that allows a user to access mail through a web interface supported by Internet Information Services (IIS). A denial of service of the support software WWW Publishing service and IIS Administration can occur when a user enters a long string of '%' characters in the Log On field in OWA and enters these characcters in the username and password field received in the NT challenge dialog. |
Affected Systems | Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4 |
Attack Scenarios | An attacker can enter a long string of '%' characters in OWA Log On and challenge fields to cause a denial of service against a vulnerable server. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the most current version of Microsoft Exchange Server. |
Additional References | Bugtraq http://www.securityfocus.com/bid/3223 |
Rule References | bugtraq: 2708 cve: 2001-0333 nessus: 10671 |
--
DID:280673
--
http://www.aanval.com/