Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

iisPROTECT sql injection Vulnerability Scan


Vulnerability Scan Summary
Acertains if iisPROTECT is password-protected

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an ASP application that is affected by
a SQL injection vulnerability.

Description :

The remote host is running iisPROTECT, an IIS add-on to protect the
pages served by this server.

There is a bug in the remote version of iisPROTECT which may allow an
attacker who has the ability to browse the administrative interface to
execute arbitrary commands through SQL injection on this host.

See also :

http://www.securityfocus.com/archive/1/322387/30/0/threaded

Solution :

Upgrade to iisPROTECT version 2.3 or later as that is rumoured to
address the issue.

Threat Level:

Medium / CVSS Base Score : 4.2
(AV:R/AC:L/Au:R/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.