Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Дырка в IIS (File Request Parsing)
updated since 08.11.2000
Published: 02.12.2000
Source: MICROSOFT
SecurityVulns ID: 699
Type: remote
Level: 6/10
Описание: При разборе имени запрашиваемого CGI, можно выполнить приложение (.bat или .cmd) за счет исопльзования специальных метасимволов.

Affected: MICROSOFT : Internet Information Server 4.0
MICROSOFT : Internet Information Server 5.0

Original document MICROSOFT, Re-release: Microsoft Security Bulletin MS00-086 (02.12.2000)

Georgi Guninski, IIS 5.0 with patch Q277873 allows executing arbitrary commands on the web server (28.11.2000)

Russ, Possible problems with patch for MS00-086 (28.11.2000)

Nsfocus Security Team, [Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability (24.11.2000)

document MICROSOFT, Update: Microsoft Security Bulletin (MS00-086) (22.11.2000)

MICROSOFT, Update to Microsoft Security Bulletin MS00-086 (12.11.2000)

Nsfocus Security Team, NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability (08.11.2000)

document MICROSOFT, Security Bulletin (MS00-086) (08.11.2000)

Files: shell on IIS server with Unicode using *only* HTTP
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod