A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Microsoft Finds No Hole in IIS 6

Microsoft Finds No Hole in IIS 6

By ServerWatch Staff (Send Email)
Posted Jan 1, 2010


Download the authoritative guide: Data Center Guide: Optimizing Your Data Center Strategy

Download the authoritative guide: Cloud Computing: Using the Cloud for Competitive Advantage

Last week Soroush Dalili posted to his web site about a semicolon bug in IIS that could result in a vulnerability in the Web server from Microsoft. After careful review, the software deemed the claim to be false, eSecurity Planet reports.


After testing claims that IIS 6 is vulnerable to a zero-day attack, Microsoft declared the wild goose chase off.

Microsoft officials say that a hacker who claims to have found a critical zero-day hole in an older version of Internet Information Services (IIS), the company's Web server, is wrong.

"We've completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS," Christopher Budd, a security program manager in the Microsoft Security Response Center (MSRC), said in a blog post Tuesday.

The claims came in a blog post on Christmas Day by hacker Soroush Dalili. In his post, Dalili said that IIS 6, the version of Microsoft's Web server that came with Windows Server 2003, is vulnerable to attacks based on sending the server a file that uses semi-colons in the file name to trick IIS into thinking the file has one file extension when it actually has another.

Stuart Johnston is a contributing writer to InternetNews.com, based in Bellevue, Wash.

Read the rest of "Microsoft: No Hole in IIS 6 - www.esecurityplanet.com" at eSecurity Planet

Follow ServerWatch on Twitter

Page 1 of 1

Thanks for your registration, follow us on our social networks to keep up-to-date