Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 FTP:MS-FTP:IIS7-5-DOS

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 FTP

Keywords

 Microsoft IIS 7.5 Unauthenticated Denial of Service

Release Date

 2010/12/22

Update Number

 1837

Supported Platforms

 idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

FTP: Microsoft IIS 7.5 Unauthenticated Denial of Service


This signature detects attempts to exploit a known vulnerability in Microsoft Internet Information Server version 7.5, which is included in Windows 7. An unauthenticated user can send a malformed request and crash the process, causing a denial of service (DoS).

Extended Description

Microsoft IIS is prone to a buffer-overflow vulnerability affecting the application's FTP service. Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the FTP service, resulting in denial-of-service conditions. IIS 7.5 is vulnerable; other versions may also be affected.

Affected Products

  • Avaya Aura Conferencing 6.0.0 Standard
  • Microsoft IIS 7.0
  • Microsoft IIS 7.5

References

  • BugTraq: 45542
  • CVE: CVE-2010-3972
  • URL: http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx
  • URL: http://www.exploit-db.com/exploits/15803/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out