GEN:SID | 1:970 |
Message | WEB-IIS multiple decode attempt |
Summary | This event is generated when an attempt is made to cause a denial of service against the WWW Publishing Service and IIS Administration software.
|
Impact | Denial of service. This attack may cause a vulnerable server to stop.
|
Detailed Information | Outlook Web Access (OWA) is an optional feature of Microsoft Exchange Server that allows a user to access mail through a web interface supported by Internet Information Services (IIS). A denial of service of the supporting WWW Publishing Service and IIS Administration software can occur when a user enters a long string of '%' characters in the Log On field in OWA and then enters these characters in the username and password fields of the NT challenge dialog that follows.
|
Affected Systems | Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4
|
Attack Scenarios | An attacker can enter a long string of '%' characters in OWA Log On and challenge fields to cause a denial of service against a vulnerable server.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the most current version of Microsoft Exchange Server.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/3223
|
Rule References | bugtraq: 2708
cve: 2001-0333
nessus: 10671
|