Family: Web Servers --> Category: infos
Malformed Hit-Highlighting Argument Vulnerability Vulnerability Scan
Vulnerability Scan Summary: Ascertains IIS IDA/IDQ Path Reveal vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IIS web server is missing a security patch.
Description :
The remote version of IIS is affected by two vulnerabilities :
- An information disclosure issue allows a remote attacker to obtain
the real pathname of the document root by requesting non-existent
files with .ida or .idq extensions.
- An argument validation issue in the WebHits component lets a remote
attacker read arbitrary files on the remote server.
Solution :
Microsoft released a patch for Windows 2000 :
http://www.microsoft.com/technet/security/bulletin/ms00-006.mspx
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)