NT IIS Malformed HTTP Request Header DoS Vulnerability

[_/info\_] [_/discussion\_] [_/exploit\_] [_/solution\_]
[_/credit\_] [_/help\_]

Quoted from Nobuo Miwa's post to Bugtraq:

Simple play. I sent lots of "Host:aaaaa...aa" to IIS
like...

GET / HTTP/1.1
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)
...10,000 lines
Host: aaaaaaaaaaaaaaaaaaaaaaa....(200 bytes)

I sent twice above request sets. Then somehow victim IIS
got memory leak after these requests. Of course, it can
not respond any request any more. If you try this, you
should see memory increase through performance monitor.
You would see memory increase even after those requests
finished already. It will stop when you got shortage of
virtual memory. After that, you might not be able to
restart web service and you would restart computer. I
tried this against Japanese and English version of
Windows NT.

           Copyright 1999 Security-Focus.Com, All Rights Reserved
                                disclaimer