Used Microsoft Malformed Web Form Submission Vulnerability Patch (IIS 5.0) for Windows? Share your experience and help other users.
Developer’s Description
The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow Web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process Web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.
To resume normal operation on an IIS 4.0 server, the operator would need to restart the service. In contrast, if an IIS 5.0 server were attacked via this vulnerability, the IIS service would, by default, automatically restart almost immediately. Although any Web sessions that were in progress at the time of the attack would be lost, the server would be able to accept new connections as soon as the service was restarted. FPSE is installed by default as part of IIS 4.0 and 5.0, but, in keeping with best practices, Microsoft recommends that they be disabled if not needed.
Used Microsoft Malformed Web Form Submission Vulnerability Patch (IIS 5.0) for Windows? Share your experience and help other users.
Explore More
SODAT Privacy Protection Tool
FreebVPN
Trial version
SecureHero File System Auditor
Trial version
VShell Server (64-bit)
Free
VShell Server
Trial version
VShell Server (64-bit)
Trial versionUtopia
FreeAdaptive Security Analyzer
Trial versionEMOS
Free
SecureHero Logon Reporter
Trial version
Lobby Track Free Edition
Free
SecureHero Group Reporter
Trial version
