A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Microsoft Patches 'Critical' Windows 2000 Flaw

Microsoft Patches 'Critical' Windows 2000 Flaw

By Ryan Naraine (Send Email)
Posted Mar 18, 2003


The Computer Emergency Response Team (CERT/CC) on Monday issued an advisory for a buffer overflow vulnerability in Microsoft IIS 5.0 running on Microsoft Windows 2000, warning sysadmins that an exploit is already circulating. An exploit for the security vulnerability is already publicly available, increasing the urgency for the application of the patch.

Microsoft issued a "critical" rating on the flaw and issued a patch while warning that the vulnerability may allow a remote attacker to run arbitrary code on an infected machine.

"An exploit is publicly available for this vulnerability, which increases the urgency that system administrators apply a patch," the Center warned. IIS 5.0 is installed and running by default on Microsoft Windows 2000 server products.

CERT/CC said the unchecked buffer was detected in a Windows component of the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol, which is supported by Windows 2000. An attacker could send a specially formed HTTP request to a machine running IIS, causing the server to fail or to execute code of the attacker's choice.

WebDAV uses IIS to pass requests to and from Windows 2000. Microsoft explained that when IIS receives a WebDAV request, it typically processes the request and then acts on it. However, if the request is formed in a particular way, a buffer overrun can result because one of the Windows components called by WebDAV does not correctly check parameters.

Page 1 of 1

Thanks for your registration, follow us on our social networks to keep up-to-date