Short Name |
HTTP:IIS:HDR-EVASION |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IIS URL-Encoded Header Evasion |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Microsoft IIS Web server. Attackers can encode HTTP headers in a URL request; when IIS parses the URL, it accepts the URL data as valid HTTP headers. Attackers can use this exploit to evade detection.
Successful exploitation could enable the the attacker to bypass filter security systems and intrusion detection systems, and possibly allow the execution of arbitrary commands on the vulnerable IIS server.