[enteredgelogo.jpg]
   
                                                               
    EnterEdge Technology takes a holistic approach to ensuring the Confidentiality, Integrity and Availability of data. By
     combining best-of-breed technology with security expertise, education and managed security services, EnterEdge helps
                                      organizations lower costs and improve efficiencies.


   [securitycenterheader.gif]


   Release Date: August 14, 2003

   CVE Number: CAN-2003-0702

   Severity: High (Denial of Service)

   Systems Affected (confirmed):
   ISS Server Sensor version 7.0 XPU 20.16
   ISS Server Sensor version 7.0 XPU 20.18

   Synopsis: By sending a properly formatted URL via SSL, an attacker can successfully shut down Microsofts IIS service
   stopping all web and ftp servers.

   Technical Description: This vulnerability was tested with an IIS 5.0 server, running an ISS host based server sensor 7.0
   xpu 20.16 and xpu 20.18.

   ISS server sensor 7.0 has the ability to plug into ISS via an ISAPI plug-in to allow for IDS on SSL traffic.

   By simply sending a properly formatted URL via SSL, the ISAPI filter will crash IIS shutting down the service entirely.
   IIS 5 may automatically restart the service when it detects that the service has stopped.

   We are currently testing this vulnerability in XPU 20.16 and 20.18 for remote code execution or code redirection.

   We contacted ISS on or about August 14th concerning this issue. ISS has since released XPU 20.19 which addresses this
   specific issue.

   Credit: EnterEdge Technology, LLC

   Copyright (c) 1998-2003 EnterEdge Technology
   Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way
   without express consent of EnterEdge Technology. If you wish to reprint the whole or any part of this alert in any other
   medium excluding electronic medium, please e-mail research@enteredge.com for permission.

   Disclaimer
   The information within this paper may change without notice. Use of this information constitutes acceptance for use in an
   AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any
   damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this
   information is at the user's own risk.

   Feedback
   Please send suggestions, updates, and comments to: research@enteredge.com
   EnterEdge Technology  http://www.enteredge.com

                Copyright © 2001 EnterEdge Technology, LLC 5500 Interstate N. Pkwy Suite 440 Atlanta, GA 30328
                                             Phone: 770.955.9899 Fax 770.955.9896