Short Name |
HTTP:IIS:UNC-PATH-DISC |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft IIS UNC Path Disclosure Vulnerability |
Release Date |
2011/03/04 |
Update Number |
1876 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft IIS. Attackers can bypass security restrictions and obtain the real pathname of the document root by requesting non-existent files with .ida, .idq or .htx extensions.
IDQ, IDA, and HTX files cannot be served from a network share. If a website is set up in this manner, and a user clicks on a link that links to one of these files, the share path will be disclosed to the user in the resulting error message.