Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Web Servers --> Category: infos

IIS Remote Command Execution Vulnerability Scan

Vulnerability Scan Summary
Acertains if arbitrary commands can be executed

Detailed Explanation for this Vulnerability Test

Synopsis :

Arbitary commands can be executed on the remote web server

Description :

When IIS receives a user request to run a script, it renders
the request in a decoded canonical form, then performs
security checks on the decoded request. A vulnerability
results because a second, superfluous decoding pass is
performed after the initial security checks are completed.
Thus, a specially crafted request could allow a possible hacker to
execute arbitrary commands on the IIS Server.


Threat Level:

High / CVSS Base Score : 7

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.