Family: Web Servers --> Category: infos
IIS Remote Command Execution Vulnerability Scan
Vulnerability Scan Summary
Acertains if arbitrary commands can be executed
Detailed Explanation for this Vulnerability Test
Arbitary commands can be executed on the remote web server
When IIS receives a user request to run a script, it renders
the request in a decoded canonical form, then performs
security checks on the decoded request. A vulnerability
results because a second, superfluous decoding pass is
performed after the initial security checks are completed.
Thus, a specially crafted request could allow a possible hacker to
execute arbitrary commands on the IIS Server.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.