|Check Point Reference:||CPAI-2008-351|
|Date Published:||14 Dec 2009|
|Last Updated:||27 Jan 2019|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||The VMware server is a server virtualization platform that allows a single physical server to run multiple virtual machines simultaneously. The server provides a web-based management interface called VMware Management Console. For VMware server hosted on windows servers, the IIS server is used to provide the management console web services. There exists a vulnerability in the ISAPI extension provided by VMware Server to extend support to IIS for running Perl scripts. By supplying overly large data to the ISAPI extension iisperl.dll in a POST request, a remote attacker can terminate the IIS service and create a Denial of Service condition. Upon processing malicious POST request, the affected IIS server process will terminate, which triggers a Denial of Service condition. On most installations, the service will restart automatically to resume the normal operation.|
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Content Protection Violation.
Attack Information: VMware Server ISAPI Extension Remote Denial Of Service