Short Name |
HTTP:IIS:IIS-HILIGHT-BYPASS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft IIS Hit Highlighting Authentication Bypass Vulnerability |
Release Date |
2009/06/11 |
Update Number |
1449 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Internet Information Server (IIS). Attackers can exploit this issue to access private files hosted on an IIS Web site. Successful exploits can allow attackers to gain access to potentially sensitive information.
Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality. Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible. NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.