VULHUB ™

Patch Available for "Domain Resolution" and "FTP Download" regarding the following problems: (1) IIS 4.0 provides the ability to restrict access to a web site based on the user's domain. However, if IIS cannot resolve a user's IP address to a domain, it will grant the user's first request for a session. It will correctly deny them thereafter. This vulnerability affects IIS 4.0 only; it does not any other Microsoft product, including MCIS. (2) A user who accesses an FTP site via a browser will be able to download files even if they are marked No Access. This vulnerability is due to a regression error that was introduced in hotfixes released after Windows NT 4.0 Service Pack 5; it does not exist in SP5 or in previous versions. This vulnerability affects both IIS 4.0 and MCIS 2.5, but no other Microsoft products.

Patch Available for "Domain Resolution" and "FTP Download" regarding the following problems: (1) IIS 4.0 provides the ability to restrict access to a web site based on the user's domain. However, if IIS cannot resolve a user's IP address to a domain, it will grant the user's first request for a session. It will correctly deny them thereafter. This vulnerability affects IIS 4.0 only; it does not any other Microsoft product, including MCIS. (2) A user who accesses an FTP site via a browser will be able to download files even if they are marked No Access. This vulnerability is due to a regression error that was introduced in hotfixes released after Windows NT 4.0 Service Pack 5; it does not exist in SP5 or in previous versions. This vulnerability affects both IIS 4.0 and MCIS 2.5, but no other Microsoft products.