Penetration Testing mailing list archives
IIS Chunked Encoding Transfer Buffer Overflow Vulnerability
From: Rob Pope <rob.pope () vigilante-uk com>
Date: 9 Jul 2002 14:13:10 -0000
Hi, I am testing an IIS5 server at the moment and my automated vulnerability tool reports that the server is vulnerable to the IIS Chunked Encoding Transfer Buffer Overflow Vulnerability. I am trying to confirm this remotely by using the proof of concept script at http://online.securityfocus.com/bid/4485/exploit/ on iisstart.asp. I'm getting back a HTTP/1.1 100 Continue response. Can anyone confirm whether this is a positive response? Many Thanks ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IIS Chunked Encoding Transfer Buffer Overflow Vulnerability Rob Pope (Jul 11)