Short Name |
HTTP:IIS:SOURCE-CODE-DISC |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
IIS HTR/ASP UNC Mapped Virtual Host Vulnerability |
Release Date |
2011/03/02 |
Update Number |
1875 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft IIS. Attackers can bypass security restrictions and obtain the full source code of the file back to a remote user by a backward slash "\" appended to an ASP or HTR extension in a URL request.
If a virtual host root is mapped to a UNC share, a backward slash "\" appended to an ASP or HTR extension in a URL request to that virtual host will cause Microsoft Internet Information Server to transmit full source code of the file back to a remote user. Files located on the local drive where IIS is installed is not affected by this vulnerability.