Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.10680 |
Categoría: | Remote file access |
Título: | Microsoft Internet Information Services (IIS) Source Fragment Disclosure |
Resumen: | Microsoft IIS 4.0 and 5.0 can be made to disclose; fragments of source code which should otherwise be; inaccessible. This is done by appending +.htr to a; request for a known .asp (or .asa, .ini, etc) file. |
Descripción: | Summary: Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp (or .asa, .ini, etc) file. Solution: .htr script mappings should be removed if not required. - open Internet Services Manager - right click on the web server and select properties - select WWW service > Edit > Home Directory > Configuration - remove the application mappings reference to .htr If .htr functionality is required, install the relevant patches from Microsoft (MS01-004) CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
BugTraq ID: 1193 BugTraq ID: 1488 Common Vulnerability Exposure (CVE) ID: CVE-2000-0457 http://www.securityfocus.com/bid/1193 Bugtraq: 20000511 Alert: IIS ism.dll exposes file contents (Google Search) http://marc.info/?l=bugtraq&m=95810120719608&w=2 Microsoft Security Bulletin: MS00-031 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 XForce ISS Database: iis-ism-file-access(4448) https://exchange.xforce.ibmcloud.com/vulnerabilities/4448 Common Vulnerability Exposure (CVE) ID: CVE-2000-0630 http://www.securityfocus.com/bid/1488 Microsoft Security Bulletin: MS00-044 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044 XForce ISS Database: iis-htr-obtain-code(5104) https://exchange.xforce.ibmcloud.com/vulnerabilities/5104 |
Copyright | Copyright (C) 2001 Pedro Antonio Nieto Feijoo |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |