advertisement
Click Here

Microsoft "Malformed Web Form Submission" Vulnerability Patch (IIS 5.0) MS00-100

Download Now (576.88K)
Tested spyware free

Features

  • License:

    Free

  • Editor's Rating:

    Not rated

  • Average User Rating:

    2.0 stars (out of 8 votes) Rate it!

  • Downloads:

    19,448

  • Requirements:

    Windows 2000

  • Limitations:

    No limitations

  • Date Added:

    January 09, 2001

Publisher's description of Microsoft "Malformed Web Form Submission" Vulnerability Patch (IIS 5.0)

From Microsoft:

This patch eliminates a security vulnerability in a component that ships as part of Microsoft Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected Web server from providing useful service.

The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow Web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process Web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.

To resume normal operation on an IIS 4.0 server, the operator would need to restart the service. In contrast, if an IIS 5.0 server were attacked via this vulnerability, the IIS service would, by default, automatically restart almost immediately. Although any Web sessions that were in progress at the time of the attack would be lost, the server would be able to accept new connections as soon as the service was restarted. FPSE is installed by default as part of IIS 4.0 and 5.0, but, in keeping with best practices, Microsoft recommends that they be disabled if not needed.

Note: This IIS 5.0 patch can be applied atop a system running either Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 2.

YahooToolbar AntiSpy
Search the Web, block pop-ups or spyware, get to your mail.
Download Now
Yahoo Toolbar
Search the Web from anywhere, block pop-ups, get mail.
Download Now

Most popular Corporate Security Software downloads

  1. 2,317 downloads 1. Deep Freeze Standard
  2. 455 downloads 2. McAfee Total Protection for Small Business
  3. 433 downloads 3. Cain & Abel
  4. 344 downloads 4. Spyware Doctor Enterprise Free Edition
  5. 331 downloads 5. Activity Monitor
  6. See all Corporate Security Software downloads
PerfectDisk
Defragment disks, free up space, optimize system performance
Download Now

User reviews

Submit your review

Log in or create an account to submit your review for:

Microsoft "Malformed Web Form Submission" Vulnerability Patch (IIS 5.0) MS00-100

1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit

You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.

All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.

CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.

advertisement
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET