The information in this article applies to:
SYMPTOMSSpecially-malformed GET requests can create a Denial of Service in the W3 server and use all available memory on the Web server, which causes Internet Information Server (IIS) to stop responding or generate an Access Violation error message. RESOLUTION
A supported fix that corrects this problem is now available from
Microsoft, but has not been fully regression tested and should be applied
only to systems experiencing this specific problem. If you are not
severely affected by this specific problem, Microsoft recommends that you
wait for the next Windows NT service pack.
http://support.microsoft.com/support/supportnet/default.asp The English version of this fix for IIS 4.0 should have the following file attributes or later:
The English version of this fix for IIS 3.0 should have the following file
attributes or later:
The IIS 4.0 version of this hotfix has been posted to the following
Internet location as Infget4i.exe (x86) and Infget4a.exe (Alpha):
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/ NOTE: The above link is one path; it has been wrapped for readability. The IIS 3.0 version of this hotfix must be installed over Windows NT 4.0, service pack 4, and has been posted to the following Internet location as Infget3i.exe (x86) and Infget3a.exe (Alpha): ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/NOTE: The above link is one path; it has been wrapped for readability. NOTE: If you contact Microsoft to obtain this fix, a fee may be charged. This fee is refundable if it is determined that you only require the fix you requested. However, this fee is non-refundable if you request additional technical support, if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support. For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base: Q154871 : Determining If Your Product Is Eligible for No-Charge Technical Support STATUSMicrosoft has confirmed this to be a problem in Internet Information Server versions 3.0 and 4.0. Additional query words: IIS hotfix hot fix qfe quick fix engineering patch
Keywords : kbbug4.00 kbfix4.00 kbbug3.00 iissecurity iiswww kbfix3.00 |
Last Reviewed: November 16, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |