I was unable to find any useful information on the web about this vulnerability. The question on many minds is whether using a reverse proxy or layer 7 loadbalancer is sufficient protection for IIS servers exposed to the internet. Most of the analyses I found simply said "specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys)" which doesn't really tell us much - Packet is a layer 3 terminology, and we're talking about everything from L3-7.
1 comment
[ 2.1 ms ] story [ 12.6 ms ] thread