ASP.Chunked.Transfer.Encoding
Description
A vulnerability has been reported for Microsoft IIS(Internet Information Services). The vulnerability results from a heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages. This condition affects IIS 4.0 and IIS 5.0. Exploitation of this vulnerability may result in a denial of service or allow a remote attacker to execute arbitrary instructions on the victim host. Microsoft IIS 5.0 is reported to ship with a default script (iisstart.asp) which may be sufficient for a remote attacker to exploit. Other sample scripts may also be exploitable.
Affected Products
Microsoft IIS 5.1
Microsoft IIS 5.0
Microsoft IIS 4.0
Impact
An attacker can cause Denial-of-Service or execute arbitrary code on the victim system.
Recommended Actions
Microsoft Security Bulletin MS02-018 addresses this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |