IIS Chunked Encoding Transfer Buffer Overflow Vulnerability

From: Rob Pope (rob.pope@vigilante-uk.com)
Date: Tue Jul 09 2002 - 10:13:10 EDT


('binary' encoding is not supported, stored as-is) Hi,

I am testing an IIS5 server at the moment and my automated vulnerability
tool reports that the server is vulnerable to the IIS Chunked Encoding
Transfer Buffer Overflow Vulnerability.

I am trying to confirm this remotely by using the proof of concept script
at http://online.securityfocus.com/bid/4485/exploit/ on iisstart.asp. I'm
getting back a HTTP/1.1 100 Continue response.

Can anyone confirm whether this is a positive response?

Many Thanks

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT