
Test ID: 1.3.6.1.4.1.25623.1.0.10680
Category: Remote file access
Title: Microsoft Internet Information Services (IIS) Source Fragment Disclosure
Summary: Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp (or .asa, .ini, etc) file.
Description: Summary:
Microsoft IIS 4.0 and 5.0 can be made to disclose
fragments of source code which should otherwise be
inaccessible. This is done by appending +.htr to a
request for a known .asp (or .asa, .ini, etc) file.

Solution:
.htr script mappings should be removed if not required.

- open Internet Services Manager

- right click on the web server and select properties

- select WWW service > Edit > Home Directory > Configuration

- remove the application mappings reference to .htr

If .htr functionality is required, install the relevant patches
from Microsoft (MS01-004)

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: BugTraq ID: 1193
BugTraq ID: 1488
Common Vulnerability Exposure (CVE) ID: CVE-2000-0457
http://www.securityfocus.com/bid/1193
Bugtraq: 20000511 Alert: IIS ism.dll exposes file contents
http://marc.info/?l=bugtraq&m=95810120719608&w=2
Microsoft Security Bulletin: MS00-031
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
XForce ISS Database: iis-ism-file-access(4448)
https://exchange.xforce.ibmcloud.com/vulnerabilities/4448
Common Vulnerability Exposure (CVE) ID: CVE-2000-0630
http://www.securityfocus.com/bid/1488
Microsoft Security Bulletin: MS00-044
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
XForce ISS Database: iis-htr-obtain-code(5104)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5104
Copyright: Copyright (C) 2001 Pedro Antonio Nieto Feijoo
