This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:IIS:X-SITE-SCRIPT
|
Severity |
Minor
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
IIS Index service Cross site scripting
|
Release Date |
2006/09/12
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: IIS Index service Cross site scripting
This signature detects attempts to exploit a known vulnerability against Microsoft Indexing Service. A successful attack allows the attacker to perform cross-site scripting.
Extended Description
Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other users.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, in the context of the victim's session. This could allow the attacker to perform actions on behalf of the victim, such as spoofing content or hijacking their session.
Microsoft Indexing Service is not installed or enabled by default. Even if installed, it is not accessible from Internet Information Services (IIS). This vulnerability affects only systems that have IIS and Indexing Service installed and that have the Indexing Service configured to be accessible from IIS through a web-based interface.
Affected Products
- Cisco centrex_ip_client_manager 7.0
- Cisco centrex_ip_client_manager 8.0
- Cisco centrex_ip_client_manager 9.0
- Cisco element_managers 7.0
- Cisco element_managers 8.0
- Cisco element_managers 9.0
- Hp storage_management_appliance 2.1
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_resource_kit
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition SP1 Beta 1
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_standard_edition SP1 Beta 1
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_server_2003_web_edition SP1 Beta 1
- Microsoft windows_server_2003_web_edition
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_xp_tablet_pc_edition
References