Check Point Advisories

Microsoft IIS Malformed URL Denial of Service (MS07-041; CVE-2005-4360)

Check Point Reference: CPAI-2005-346
Date Published: 30 Sep 2009
Severity: Critical
Last Updated: Wednesday 29 April, 2015
Source:
Industry Reference:CVE-2005-4360
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description The Internet Information Server (IIS) is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server component that is capable of serving static, as well as dynamic content. A memory corruption vulnerability exists in Microsoft Internet Information Services (IIS) WWW component. The vulnerability is caused by improper handling of certain malformed request URLs. A remote unauthenticated attacker can send a specially crafted URL four times to the target IIS service to cause the service to crash or execute arbitrary code on the target system with privileges of the target service, normally System. In a successful attack exploiting this vulnerability, after the attacker sends out a malicious request more than three times to the target host, The target IIS service will terminate immediately upon processing of the fourth request, thus causing a temporary denial of service condition of its affected services. If the attacker continues sending out crafted HTTP requests, a prolonged denial of service condition is created. Each time the server is shut down as a result of an attack, all established HTTP sessions are terminated. Note that in the default configuration, the affected IIS service will be restarted automatically.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Microsoft IIS Malformed URL Denial of Service (MS07-041) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Microsoft IIS malformed URL denial of service (MS07-041)

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK