Hi all.
I have a web application that was under audit and the result said I have to create a ISAPI filter to block requests for URLs with MS-DOS device names to avoid an attack by DoS.
The message is: "The web server running on the remote host appears to be using Microsoft ASP.NET, and may be affected by a denial of service vulnerability. Requesting a URL containing an MS-DOS device name can cause the web server to become temporarily unresponsive. An attacker could repeatedly request these URLs, resulting in a denial of service."
Could you help me in this thread?
I'm using IIS 7.5.
thanks in advance,
Daniel Costa