[Vulnerable] Microsoft IIS "SERVER_NAME" Variable Spoofing

23/08/2005 - 18:46 by 1x4x9
Microsoft IIS "SERVER_NAME" Variable Spoofing Vulnerability
http://secunia.com/advisories/16548/


Secunia Advisory: SA16548
Release Date: 2005-08-23

Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software:

Microsoft Internet Information Services (IIS) 5.x
Microsoft Internet Information Services (IIS) 6



Description:
Inge Henriksen has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which can be exploited by malicious people
to spoof certain information.

The vulnerability is caused due to an error when determining the
"SERVER_NAME" variable and can be exploited to spoof it via a
specially crafted HTTP request.

Successful exploitation may e.g. disclose parts of an ASP script's
source code or make it possible to bypass security checks performed by
a web application based on the "SERVER_NAME" variable.

The vulnerability has been confirmed in IIS 5.1 and has also been
reported in versions 5.0 and 6.0.


Solution:
Don't make assumptions based on the "SERVER_NAME" variable in web
applications.

Don't use the default 500-100.asp error page, as it makes assumptions
based on the "SERVER_NAME" variable and may return script contents
when encountering errors.

Provided and/or discovered by:
Inge Henriksen

Original Advisory:
http://ingehenriksen.blogspot.co......-name.html
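
The advisory's first recommendation, as an added example that is not part of the original post or the Secunia advisory: a "local request" gate keyed on "SERVER_NAME" next to one keyed on the connection's peer address. It is written in Python over CGI-style variables rather than in ASP; the function names, the sample requests and the error detail are constructed for illustration, and it assumes no reverse proxy sits in front of the server.

```python
import ipaddress

def is_local_by_server_name(environ):
    """Weak gate: trusts SERVER_NAME, which the advisory says can be spoofed."""
    return str(environ.get("SERVER_NAME", "")).lower() == "localhost"

def is_local_by_peer(environ):
    """Hardened gate: decide from the peer address of the connection.

    Fails closed when REMOTE_ADDR is missing or unparsable. Assumption: the
    server is reached directly; behind a reverse proxy REMOTE_ADDR is the
    proxy's address and this check would need to change.
    """
    raw = str(environ.get("REMOTE_ADDR", "")).strip()
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return False
    # Treat an IPv4-mapped IPv6 peer (::ffff:a.b.c.d) as its IPv4 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback

def error_body(environ, detail, local_check):
    """Return detailed error text only to requests the gate considers local."""
    if local_check(environ):
        return "500 Internal Server Error\n" + detail
    return "500 Internal Server Error"

# Constructed sample requests (203.0.113.0/24 is a documentation range).
SPOOFED = {"SERVER_NAME": "localhost", "REMOTE_ADDR": "203.0.113.7"}
LOCAL = {"SERVER_NAME": "www.example.test", "REMOTE_ADDR": "127.0.0.1"}
DETAIL = "error in /app/login.asp, line 12"  # constructed detail text

if __name__ == "__main__":
    for name, env in (("spoofed", SPOOFED), ("local", LOCAL)):
        for check in (is_local_by_server_name, is_local_by_peer):
            shown = DETAIL in error_body(env, DETAIL, check)
            print(f"{name:8} {check.__name__:24} detail shown: {shown}")
```
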
 


#1 Javier Inglés [MS MVP]
23/08/2005 - 19:33
http://secunia.com/product/1438/?period 05#advisories

http://secunia.com/product/39/

Regards!!
Javier Inglés
MS MVP, Windows Server-Directory Services




