Microsoft IIS URL Redirection Malformed Length DoS
Remote / Network Access
Denial of Service
Loss of Availability
Microsoft IIS contains a flaw that may allow a remote denial of service. The issue occurs when an attacker sends a URL request with a different length than the one specified in the request. This results in an access violation causing IIS to crash and must be restarted. This vulnerability only occurs when URL redirection has been enabled.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.