The latest ASP, IIS security vulnerabilities

Source: Internet
Author: User
Author: scholar
As ASP, with its flexible, simple, practical, and powerful features, quickly swept through web sites worldwide, some of its own flaws and vulnerabilities have come to threaten all web developers. Following the earlier introduction of some IIS system vulnerabilities and ASP security issues, this installment discusses the latest ASP and IIS security vulnerabilities in detail. All ASP web site developers should pay close attention and stay vigilant.
Earlier this month, Microsoft was again blamed for not paying attention to security issues with its Web server software. A flaw known as the "illegal HTR request" was found in Microsoft's popular product IIS Server 4.0. According to Microsoft, this flaw can cause arbitrary code to run on the server side under certain circumstances. But in the words of Firas Bushnaq, CEO of eEye, the Internet security firm that found this vulnerability, this is only the tip of the iceberg. Bushnaq said that Microsoft has concealed part of the situation, such as the fact that hackers can use this vulnerability to take complete control of an IIS server, and many e-commerce sites are built on exactly this system.
The following is a list of the details of this IIS system vulnerability:
The latest security vulnerabilities for IIS
Affected Systems:
Internet Information Server 4.0 (IIS4)
Microsoft Windows NT 4.0 SP3 Option Pack 4
Microsoft Windows NT 4.0 SP4 Option Pack 4
Microsoft Windows NT 4.0 SP5 Option Pack 4
Release Date: 6.8.1999
Microsoft has confirmed the vulnerability, but no patches are available at this time.
Microsoft Security Bulletin (MS99-019):
Topic: "Abnormal HTR Request" vulnerability
Release time: 6.15.1999
Summary:
Microsoft has confirmed that a serious system vulnerability exists in its published Web server product, Internet Information Server 4.0. It can cause a "denial of service" attack against the IIS server, in which case arbitrary binary code may be run on the server. A patch for this vulnerability will be released in the near future; all IIS users should watch for it closely.
Vulnerability Description:
IIS supports a variety of file types that require server-side processing, such as ASP, ASA, IDC, and HTR. When a Web user requests such a file from a client, the corresponding DLL automatically handles the request. However, a serious security vulnerability was found in ISM.DLL, the file responsible for handling HTR files. (Note: The HTR file itself is used to remotely manage user passwords.)
This vulnerability involves an unchecked buffer in ISM.DLL, which can pose two threats to the secure operation of the Web server. The first is the threat of a denial-of-service attack: an abnormal request for an .HTR file causes a buffer overflow that directly causes IIS to crash. When this happens, the server does not need to be restarted, but IIS
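Because .htr requests are routed to ISM.DLL and exist only for remote password management, a site's logs can be reviewed for them. The following is an added example, not code from the original article or from Microsoft: it scans an IIS W3C extended log for `.htr` requests and marks unusually long ones. The sample log, the paths in it, and the `MAX_STEM_LEN` threshold are constructed assumptions.

```python
# Added example: flag .htr requests in an IIS W3C extended log.
# MAX_STEM_LEN is an assumed review threshold, not a value from the advisory.
MAX_STEM_LEN = 260

# Constructed sample log (documentation IP addresses, made-up paths).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1999-06-16 10:01:12 192.0.2.10 GET /default.asp 200
1999-06-16 10:01:40 192.0.2.10 GET /admin/password.htr 200
1999-06-16 10:02:03 198.51.100.7 GET /{long}.htr 200
1999-06-16 10:02:09 198.51.100.7 GET /images/logo.gif 200
""".format(long="A" * 3000)


def scan_htr_requests(log_text, max_stem_len=MAX_STEM_LEN):
    """Return one finding per request whose URI stem ends in .htr."""
    fields, findings = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            # The directive names the columns of the records that follow.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated record; skip rather than guess
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "")
        if not stem.lower().endswith(".htr"):
            continue
        findings.append({
            "line": lineno,
            "client": rec.get("c-ip", "-"),
            "stem_len": len(stem),
            "oversized": len(stem) > max_stem_len,
        })
    return findings


if __name__ == "__main__":
    for f in scan_htr_requests(SAMPLE_LOG):
        tag = "OVERSIZED" if f["oversized"] else "htr"
        print(f"line {f['line']}: {tag} request from {f['client']} "
              f"({f['stem_len']} bytes)")
```

A request that crashes the service may never be written to the log, so an empty result does not show that no abnormal request was sent.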