This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:INFO:AUTH-NEGOTIATE
|
Severity |
Minor
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
Authorization Type Negotiate
|
Release Date |
2004/04/20
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Authorization Type Negotiate
This signature detects a HTTP client requesting authorization negotiation. A vulnerability exists in Microsoft IIS that can be triggered while performing this type of negotiation. Successful exploitation of this vulnerability can result in denial of service or arbitrary code execution on the IIS server.
Extended Description
The Microsoft Negotiate Security Software Provider (SSP) interface is prone to a remote buffer overflow vulnerability. In most cases, exploitation would result in a denial of service, but arbitrary code execution is possible.
Affected Products
- Avaya definityone_media_servers
- Avaya ip600_media_servers
- Avaya s3400_message_application_server
- Avaya s8100_media_servers
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_web_edition
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_gold
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional
References