Rapid7 Vulnerability & Exploit Database

NT IIS Malformed HTTP Request Header DoS Vulnerability

Back to Search

NT IIS Malformed HTTP Request Header DoS Vulnerability

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
08/11/1999
Created
07/25/2018
Added
11/01/2004
Modified
07/31/2012

Description

Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang. IIS activity will be halted until the flood ceases or the service is stopped and restarted

Solution(s)

  • http-iis-0035

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;