This attack could pose a moderate security threat. It does not require immediate action.
This signature detects an attempt to exploit a vulnerability in the MS IIS FTP service.
A vulnerability exists in the handling of certain user requests in the IIS FTP service.
Pattern-matching function is a function that supports the use of wildcards in filenames and is used by all of the FTP commands. The function is used to expand the wildcards and match the patterns to the filenames.
The pattern-matching function used by a certain FTP command contains a flaw that may result in a denial-of-service condition. If a user submits an FTP command along with a filename containing specially placed wildcard sequences, the pattern-matching function will not allocate sufficent memory. This results in IIS experiencing a denial-of-service condition. All current IIS sessions will disconnect, and any new sessions will be refused until the service has been restarted.
If successfully exploited on IIS 5.0, the server will automatically restart itself. It is possible that a log of the attack will not be recorded.
A manual restart of IIS 4.0 is required in order to gain normal functionality.