Check Point Advisories

Microsoft IIS Repeated Parameter Request Denial of Service (MS10-065; CVE-2010-1899)

Vulnerability
Protection

Check Point Reference:	CPAI-2010-260
Date Published:	14 Sep 2010
Severity:	High
Last Updated:	Monday 17 March, 2014
Source:
Industry Reference:	CVE-2010-1899
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description	IIS is a collection of Internet services packaged with several versions of the Windows operating system. A denial of service vulnerability has been reported in Microsoft Internet Information Services (IIS). A remote attacker could use this issue to create a denial of service condition, thus crashing the vulnerable service. The vulnerability is due to a stack overflow error in the IIS service resulting from excessive recursion. An attacker may exploit this issue by crafting an HTTP POST request that will cause the server to become unresponsive for some period of time. Successful exploitation of this vulnerability would cause the affected system to stop responding and automatically restart.

Protection Overview

This protection will detect and block HTTP POST requests attempting to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

In the IPS tab, click Protections and find the Microsoft IIS Repeated Parameter Request Denial of Service (MS10-065) protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Server Enforcement Violation.
Attack Information: Microsoft IIS repeated parameter request denial of service (MS10-065)