Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:IIS:IIS-HILIGHT-BYPASS |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft IIS Hit Highlighting Authentication Bypass Vulnerability |
Release Date |
2009/06/11 |
Update Number |
1449 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft IIS Hit Highlighting Authentication Bypass Vulnerability
This signature detects attempts to exploit a known vulnerability against Internet Information Server (IIS). Attackers can exploit this issue to access private files hosted on an IIS Web site. Successful exploits can allow attackers to gain access to potentially sensitive information.
Extended Description
Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality. Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible. NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.
Affected Products
- Microsoft iis 5.0
- Microsoft iis 5.1
References
- BugTraq: 24105
- CVE: CVE-2007-2815