ISS vulnerabilities

  1. #1
    Senior since the 3 dot era
    Join Date
    Nov 2001

    IIS vulnerabilities

    New vulnerabilities were discovered (April 11th 2002); all customers using M$ IIS on NT4.0 / Win 2K and Win XP systems should consider reading the following info and applying the patches or solutions mentioned.


    Title: MS FTPd DoS
    ID: 10934
    Category: FTP
    Summary: Checks if the remote ftp can be crashed
    ** It was possible to make the remote FTP server crash
    ** by sending the command 'STAT *?AAAAA....AAAAA'

    ** An attacker may use this flaw to prevent your FTP server
    ** from working properly

    Solution : see
    ** Risk factor : Medium

    Title: IIS XSS via 404 error
    ID: 10936
    Category: CGI abuses
    Summary: Tests for IIS XSS via 404 errors
    ** This IIS Server appears to be vulnerable to one of the cross site scripting
    ** attacks described in MS02-018. The default '404' file returned by IIS uses
    ** scripting to output a link to the top level domain part of the URL requested.
    ** By crafting a particular URL it is possible to insert arbitrary script into the
    ** page for execution.

    ** The presence of this vulnerability also indicates that you are vulnerable to
    ** the other issues identified in MS02-018 (various remote buffer overflow and
    ** cross site scripting attacks...)

    ** References:

    ** Risk factor : Medium

    Title: IIS .HTR ISAPI filter applied
    ID: 10932
    Category: CGI abuses
    Summary: Tests for IIS .htr ISAPI filter
    ** The IIS server appears to have the .HTR ISAPI filter mapped.

    ** At least one remote vulnerability has been discovered for the .HTR
    ** filter. This is detailed in Microsoft Advisory
    ** MS02-018, and gives remote SYSTEM level access to the web server.

    ** It is recommended that even if you have patched this vulnerability that
    ** you unmap the .HTR extension, and any other unused ISAPI extensions
    ** if they are not required for the operation of your site.

    ** Solution:
    ** To unmap the .HTR extension:
    *** 1. Open Internet Services Manager.
    *** 2. Right-click the Web server and choose Properties from the context menu.
    *** 3. Master Properties
    *** 4. Select WWW Service -> Edit -> Home Directory -> Configuration
    ** and remove the reference to .htr from the list.

    ** Risk factor : High

    Title: IIS FrontPage ISAPI Denial of Service
    ID: 10937
    Category: Denial of Service
    Summary: Tests for a DoS in IIS
    ** There's a denial of service vulnerability on the remote host
    ** in the Front Page ISAPI filter.

    ** An attacker may use this flaw to prevent the remote service
    ** from working properly.

    Solution: See
    ** Risk factor : Medium

    Title: IIS ASP ISAPI filter Overflow
    ID: 10935
    Category: Gain root remotely
    Summary: Tests for a remote buffer overflow in IIS
    ** There's a buffer overflow in the remote web server through
    ** the ASP ISAPI filter.

    ** It is possible to overflow the remote web server and execute
    ** commands as user SYSTEM.

    Solution: See
    ** Risk factor : High
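    The .HTR advisory above recommends unmapping .HTR and any other unused ISAPI extensions. The following is an added example (not from the original post, the scanner, or Microsoft) that audits a script-map listing against a per-site allow-list and reports every extension still handed to an ISAPI DLL; the input format (extension, DLL path, flags, verbs per line) and the sample listing are constructed assumptions modelled on IIS metabase ScriptMaps output, and the allow-list is hypothetical.

```python
# Added example: audit IIS ScriptMaps for ISAPI extensions a site does not need.

# Assumed allow-list for a plain ASP site (hypothetical; adjust per site).
ALLOWED_EXTENSIONS = {".asp", ".asa"}

# Constructed sample listing; each quoted line is assumed to read
# extension,DLL path,flags[,verb,...] as in an IIS metabase ScriptMaps dump.
SAMPLE_SCRIPTMAPS = """\
ScriptMaps                      : (LIST) (5 Items)
  ".asp,C:\\WINNT\\System32\\inetsrv\\asp.dll,1,GET,HEAD,POST,TRACE"
  ".asa,C:\\WINNT\\System32\\inetsrv\\asp.dll,1,GET,HEAD,POST,TRACE"
  ".htr,C:\\WINNT\\System32\\inetsrv\\ism.dll,1,GET,POST"
  ".ida,C:\\WINNT\\System32\\idq.dll,1,GET,HEAD"
  ".printer,C:\\WINNT\\System32\\msw3prt.dll,1,GET,POST"
"""


def parse_scriptmaps(text):
    """Return (extension, dll, verbs) tuples from a ScriptMaps-style listing."""
    maps = []
    for line in text.splitlines():
        line = line.strip()
        # Only the quoted entries carry mappings; the header line is skipped.
        if not (line.startswith('"') and line.endswith('"')):
            continue
        fields = line.strip('"').split(",")
        if len(fields) < 3:
            continue  # malformed entry, ignore rather than guess
        ext, dll = fields[0].lower(), fields[1]
        verbs = tuple(v.upper() for v in fields[3:])
        maps.append((ext, dll, verbs))
    return maps


def unneeded_mappings(text, allowed=ALLOWED_EXTENSIONS):
    """Extensions mapped to an ISAPI DLL that are not on the site's allow-list."""
    return [(ext, dll) for ext, dll, _ in parse_scriptmaps(text)
            if ext not in allowed]


if __name__ == "__main__":
    for ext, dll in unneeded_mappings(SAMPLE_SCRIPTMAPS):
        print(f"unmap {ext} (handled by {dll})")
```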

  2. #2
    Join Date
    Oct 2001
    M$ strikes again... I wonder how many new IIS vulnerabilities are discovered daily?

  3. #3
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Ohh, sorry ppl, I made a typo: ISS instead of IIS, and it does not change on the forum page when you change the topic with "edit your post"... I got to report this bug to JP.

    Next, sorry to Souleman; it seems that his post is about a patch release that also covers 4 of the 5 vulnerabilities I mentioned in this thread. They are all covered in the Microsoft Advisory MS02-018.

  4. #4
    Senior Member
    Join Date
    Dec 2001
    One word: Apache. Even if it's for Windows, it still runs great, and Apache 2.0 alpha is out now... Why bother with IIS, and for that matter, Windows?
    Search First Ask Second.
