[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IIS Vulnerability Content-Type overflow
while testing a few days ago how to reproduce the lastest mdac rds
vulnerability i found that a specially malformed http request to an IIS
Webserver can allow a buffer overflow.
* I don't see a crash
* I don't see "big CPU consume". If I flood with this at 2.8MB/s (!)
I get ~25% CPU usage @ AMD 1800+.
* You can get the same thing with: perl -e 'print "A"x200000'|nc <IP> 80
Bram Matthys (Syzop).