[Vulnerable] Microsoft IIS "SERVER_NAME" Variable Spoofing

23/08/2005 - 18:48 por 1x4x9 | Informe spam
Microsoft IIS "SERVER_NAME" Variable Spoofing Vulnerability
http://secunia.com/advisories/16548/


Secunia Advisory: SA16548
Release Date: 2005-08-23

Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status:Unpatched

Software:

Microsoft Internet Information Services (IIS) 5.x
Microsoft Internet Information Services (IIS) 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.


Description:
Inge Henriksen has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which can be exploited by malicious people
to spoof certain information.

The vulnerability is caused due to an error when determining the
"SERVER_NAME" variable and can be exploited to spoof it via a
specially crafted HTTP request.

Successful exploitation may e.g. disclose parts of an ASP scripts'
source code or make it possible to bypass security checks performed by
a web application based on the "SERVER_NAME" variable.

The vulnerability has been confirmed in IIS 5.1 and has also been
reported in versions 5.0 and 6.0.


Solution:
Don't make assumptions based on the "SERVER_NAME" variable in web
applications.

Don't use the default 500-100.asp error page, as it makes assumptions
based on the "SERVER_NAME" variable and may return script contents
when encountering errors.

Provided and/or discovered by:
Inge Henriksen

Original Advisory:
http://ingehenriksen.blogspot.co......-name.html

Preguntas similare

Leer las respuestas

#1 anonymous
23/08/2005 - 21:02 | Informe spam
Gracias por el aviso


Microsoft IIS "SERVER_NAME" Variable Spoofing Vulnerability
http://secunia.com/advisories/16548/


Secunia Advisory: SA16548
Release Date: 2005-08-23

Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status:Unpatched

Software:

Microsoft Internet Information Services (IIS) 5.x
Microsoft Internet Information Services (IIS) 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.


Description:
Inge Henriksen has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which can be exploited by malicious people
to spoof certain information.

The vulnerability is caused due to an error when determining the
"SERVER_NAME" variable and can be exploited to spoof it via a
specially crafted HTTP request.

Successful exploitation may e.g. disclose parts of an ASP scripts'
source code or make it possible to bypass security checks performed by
a web application based on the "SERVER_NAME" variable.

The vulnerability has been confirmed in IIS 5.1 and has also been
reported in versions 5.0 and 6.0.


Solution:
Don't make assumptions based on the "SERVER_NAME" variable in web
applications.

Don't use the default 500-100.asp error page, as it makes assumptions
based on the "SERVER_NAME" variable and may return script contents
when encountering errors.

Provided and/or discovered by:
Inge Henriksen

Original Advisory:
http://ingehenriksen.blogspot.co......-name.html
email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida