Microsoft IIS FTP Server NLST Command Overflow DoS

medium Nessus Plugin ID 10118

Synopsis

The remote web server is affected by a denial of service vulnerability.

Description

It is possible to make the IIS FTP server close all active connections by issuing an overly long NLST command, which causes the server to crash. An attacker can use this flaw to prevent people from downloading data from your FTP server.

Solution

Apply the patch referenced in Microsoft Security Bulletin MS99-003 (linked under See Also).

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/1999/ms99-003

Plugin Details

Severity: Medium

ID: 10118

File Name: iis_ftp_crash.nasl

Version: 1.45

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: ftp/login

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/24/1999

Reference Information

CVE: CVE-1999-0349

BID: 192

MSFT: MS99-003

MSKB: 188348