Short Name |
HTTP:IIS:ASP-RCE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Information Services ASP Handling Code Execution |
Release Date |
2010/09/24 |
Update Number |
1779 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft IIS. A successful attack can lead to arbitrary code execution.
Microsoft Internet Information Services (IIS) is prone to a remote code-execution vulnerability that can be exploited through malicious input to vulnerable ASP pages. A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worker Process Identity, which by default has Network Service privileges.