Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:IIS:ADMIN-PROBE |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
IIS Admin Probe |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: IIS Admin Probe
This signature detects requests for the administrator interface in Microsoft IIS.
Extended Description
Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL (ISM.DLL) is left in the /scripts/iisadmin directory. An attacker may call this DLL via the following syntax: http://www.server.com/scripts/iisadmin/ism.dll?http/dir This URL prompts the user for a username/password to access the remote administration console. Although approved access does not permit the user to commit changes to the IIS server, it may allow them to gather sensitive information about the web server and its configuration.
Affected Products
- Microsoft iis 4.0
References
- BugTraq: 189
- CVE: CVE-1999-1538