Preface: ISAPI index extension overflowLogo -Internet Security Systems

ISAPI index extension overflow
advICE :Intrusions : 2002608
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Large amounts of input was sent to an ISAPI extension, possibly in an attempt to break into the IIS web-server.

Details

ISAPI is a high-performance method of extending Microsoft web-servers, included with both IIS (Internet Information Server) and PWS (Personal Web Server). Like CGI (another popular extension for all web-servers), ISAPI has the problem that numerous vendors write their own extensions. The diversity of these extensions mean that many of them contain vulnerabilities that allow intruders to break in. This event attempts to catch unknown exploits against these extensions.

Trigger

This alert triggers when excessively large input is sent to the extension. Other alerts might trigger from this same event, such as HTTP field with binary.

 more information
MS Bulletin: MS01-033   Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
 
q300972  
 
CVE-2001-0500  
  
 
Version appeared: 2.5
Privacy Policy |  Copyright Info