|
Family: CGI abuses --> Category: infos
iisPROTECT sql injection Vulnerability Scan
Vulnerability Scan Summary Acertains if iisPROTECT is password-protected
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is affected by
a SQL injection vulnerability.
Description :
The remote host is running iisPROTECT, an IIS add-on to protect the
pages served by this server.
There is a bug in the remote version of iisPROTECT which may allow an
attacker who has the ability to browse the administrative interface to
execute arbitrary commands through SQL injection on this host.
See also :
http://www.securityfocus.com/archive/1/322387/30/0/threaded
Solution :
Upgrade to iisPROTECT version 2.3 or later as that is rumoured to
address the issue.
Threat Level:
Medium / CVSS Base Score : 4.2
(AV:R/AC:L/Au:R/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|