Guest Connected: 54940   Bookmark Us     Contact Us  
Total Shareware
Currently Listed: 244,916 Applications


  Utilities - Patches and Updates

Link To Program

  Microsoft IIS 4.0 'Chunked Encoding Post' Vulnerability patch  -  Version  MS00-018

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Internet Information Server 4.0. The vulnerability could allow a malicious user to consume all resources on a web server and prevent it from servicing other users (aka Denial of Service Attack). IIS 4.0 supports chunked encoding transfers, but does not limit the size of the buffer that can be reserved. This would allow a malicious user to request an extremely large buffer for a POST or PUT operation, but never actually send data, thereby blocking memory on the server that had been allocated to the session. If sufficient memory on the server were blocked in this fashion, it could prevent the server from performing useful work. There is no capability through this attack to create, modify or delete data on the server, nor is there any capability to usurp administrative control of the server. If the malicious user closed his session, the memory would be released and the server's operation would return to normal. Otherwise, the machine could be put back into normal service by stopping and restarting the service.

To link to this program use the html below (use text editor and check the exact syntax):

<a href="http://www.TotalShareware.com/LinkToItem.aspx?id=8902">View this program at www.TotalShareware.com</a>

This link will appear like:

View this program at www.TotalShareware.com