Vulnerability: Microsoft IIS DoS

BugTraq has reported Microsoft IIS 5.0 may be prone to a denial of service condition when sent a specially crafted malformed HTTP GET header.

"If an IIS 5.0 web server is sent a crafted HTTP GET request which contains a falsified and excessive 'Content-Length' field, it behaves in an unusual manner. The server keeps the connection open and does not time out, but does not respond otherwise. It is possible that this may be used to cause a denial of service to the web server."

More information can be found at

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MicrosoftSecurityFocus

Show Comments