IIS Repeated Parameter Request Denial Of Service Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2010-1899
Advisory Date: JUL 21, 2015
DESCRIPTION
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
nvd: Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx
'ASP pages are prohibited by default on IIS 6.0. - The vulnerability is only exploitable when the ASP script writes parameters from the request in the response.'
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004396
Trend Micro Deep Security DPI Rule Name: 1004396 - IIS Repeated Parameter Request Denial Of Service Vulnerability
AFFECTED SOFTWARE AND VERSION
- Microsoft IIS 5.1
- Microsoft IIS 6.0
- Microsoft IIS 7.0
- Microsoft IIS 7.5