DOCUMENT:Q238349
TITLE   :Specially-Malformed Header in GET Request Creates Denial of Service
PRODUCT :IIS
PROD/VER:4.0
OPER/SYS:WINDOWS NT
KEYWORD :kbbug4.00 kbfix4.00

-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Internet Information Server version 4.0
 - Microsoft Site Server version 3.0
 - Microsoft Commercial Internet System versions 2.0, 2.5
 - Microsoft Site Server version 3.0, Commerce Edition
-------------------------------------------------------------------------------

SYMPTOMS
========

A specially-malformed header in a GET request can create a Denial of Service in
the W3 server and use all available memory on the Web server, causing Internet
Information Server (IIS) to stop responding to any request.

RESOLUTION
==========

A supported fix that corrects this problem is now available from Microsoft, but
it has not been fully regression tested and should be applied only to systems
experiencing this specific problem. If you are not severely affected by this
specific problem, Microsoft recommends that you wait for the next Windows NT
service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix.
For a complete list of Microsoft Product Support Services phone numbers and
information on support costs, please go to the following address on the World
Wide Web:

   http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or
later:

   Date      Time    Size     File name     Platform
   -------------------------------------------------------------
   08/11/99  11:03p  328,512  asp.dll       x86
   08/11/99  11:01p   43,456  coadmin.dll   x86
   08/11/99  11:03p   11,168  ftpctrs2.dll  x86
   08/11/99  11:03p   81,888  ftpsvc2.dll   x86
   08/11/99  10:06p   11,396  httpext.h     x86
   08/11/99  11:02p   17,424  iisadmin.dll  x86
   08/11/99  11:01p   62,960  iislog.dll    x86
   08/11/99  11:01p   16,848  infoadmn.dll  x86
   08/11/99  11:01p  184,736  infocomm.dll  x86
   08/11/99  11:01p   29,520  iscomlog.dll  x86
   08/11/99  11:02p   11,248  iwrps.dll     x86
   08/11/99  11:01p   71,232  metadata.dll  x86
   08/11/99  11:02p   51,296  nsepm.dll     x86
   09/17/98  07:26p      992  rmiisupd.cmd  x86
   08/11/99  11:02p   14,752  w3ctrs.dll    x86
   08/11/99  11:02p  229,008  w3svc.dll     x86
   08/11/99  11:02p   87,504  wam.dll       x86

   08/11/99  10:55p  549,136  asp.dll       Alpha
   08/11/99  10:53p   77,072  coadmin.dll   Alpha
   08/11/99  10:54p   17,168  ftpctrs2.dll  Alpha
   08/11/99  10:54p  126,736  ftpsvc2.dll   Alpha
   08/11/99  10:08p   11,396  httpext.h     Alpha
   08/11/99  10:54p   28,432  iisadmin.dll  Alpha
   08/11/99  10:53p  112,400  iislog.dll    Alpha
   08/11/99  10:53p   25,872  infoadmn.dll  Alpha
   08/11/99  10:53p  303,888  infocomm.dll  Alpha
   08/11/99  10:53p   45,840  iscomlog.dll  Alpha
   08/11/99  10:54p   16,656  iwrps.dll     Alpha
   08/11/99  10:53p  131,856  metadata.dll  Alpha
   08/11/99  10:54p   87,824  nsepm.dll     Alpha
   01/25/99  06:43p      992  rmiisupd.cmd  Alpha
   08/11/99  10:54p   21,264  w3ctrs.dll    Alpha
   08/11/99  10:54p  385,296  w3svc.dll     Alpha
   08/11/99  10:54p  149,264  wam.dll       Alpha

This hotfix has been posted to the following Internet location as Vdext4i.exe
(x86) and Vdext4a.exe (Alpha):

   ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/hdbrk-fix/

NOTE: If this product was already installed on your computer
when you purchased it from the Original Equipment Manufacturer (OEM) and you
need this fix, please call the Pay Per Incident number listed on the above Web
site. If you contact Microsoft to obtain this fix, and if it is determined that
you only require the fix you requested, no fee will be charged. However, if you
request additional technical support, and if your no-charge technical support
period has expired, or if you are not eligible for standard no-charge technical
support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the
following article in the Microsoft Knowledge Base:

   Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS
======

Microsoft has confirmed this to be a problem in Internet Information Server 4.0.

Additional query words:

============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT
CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.