Microsoft Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 i386 Malformed HTTP Request Header DoS source: http://www.securityfocus.com/bid/579/info Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang. IIS activity will be halted until the flood ceases or the service is stopped and restarted. Simple play. I sent lots of "Host:aaaaa...aa" to IIS like... GET / HTTP/1.1 Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes) Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes) ...10,000 lines Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes) I sent twice above request sets. Then somehow victim IIS got memory leak after these requests. Of course, it can not respond any request any more. If you try this, you should see memory increase through performance monitor. You would see memory increase even after those requests finished already. It will stop when you got shortage of virtual memory. After that, you might not be able to restart web service and you would restart computer. I tried this against Japanese and English version of Windows NT.
Related ExploitsTrying to match CVEs (1): CVE-1999-0867
Trying to match OSVDBs (1): 1041
Other Possible E-DB Search Terms: Microsoft Commercial Internet System 2.0/2.5 / IIS 4.0 / Site Server Commerce Edition 3.0 alpha/3.0, Microsoft Commercial Internet System 2.0, Microsoft Commercial Internet System