PT-2010-3522 · Microsoft · Internet Information Services

Jinsik Shim

Published

2010-09-15

Updated

2021-02-05

CVE-2010-1899

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services (IIS) versions 5.1 through 7.5

Description A stack consumption issue in the ASP implementation allows remote attackers to cause a denial of service via a crafted request, related to asp.dll. This can lead to a daemon outage.

Recommendations For Microsoft Internet Information Services (IIS) versions 5.1 through 7.5, consider restricting access to the ASP implementation until a fix is available. As a temporary workaround, limiting the size of requests or implementing request filtering may help minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-1899

Affected Products

Internet Information Services

PT-2010-3522 · Microsoft · Internet Information Services

CVE-2010-1899

Weakness Enumeration

Related Identifiers

Affected Products

References · 6