Stack Consumption Vulnerability in Microsoft Internet Information Services
CVE-2010-1899

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server; Internet Information Services
Vendor: CVE Published:; 15 September 2010

What is CVE-2010-1899?

A stack consumption vulnerability exists in the ASP implementation of Microsoft Internet Information Services (IIS) versions 5.1, 6.0, 7.0, and 7.5. This allows remote attackers to trigger a denial of service condition by sending specially crafted requests to the affected server. The issue is linked to the handling of requests by asp.dll, leading to potential server outages.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 15, 2010
Vulnerability Reserved
May 11, 2010