Security Advisory: [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting

[EN] securityvulns.ru
no-pyccku

Related information
  Multiple bugs in Microsoft Internet Information Server
  [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
  [A3SC] MS IIS out of process privilege elevation vulnerability(A3C
R@K-Vul-2002-06-
002)
  Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)

  Microsoft Security Bulletin MS02-062: Cumulative Patch for Internet Information Service (Q327696)

From: SNS
Date: 11.04.2002
Subject: [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting

----------------------------------------------------------------------
SNS Advisory No.49
A Possibility of Internet Information Server/Services Cross Site Scripting

Problem first discovered: Fri, 11 Jan 2002
Published: Thu, 11 Apr 2002
----------------------------------------------------------------------

Overview:
---------
Microsoft Internet Information Server/Services (IIS) is prone to a
potential Cross Site Scripting vulnerability.

Details:
--------
When a request is submitted to IIS, it returns a "302 Object Moved"
error message to the client without changing the metacharacters
contained in the request. This occurs when the request contains the
following URI:

GET /existing directory name?"><script>alert("aaa"); </script>

Affected Versions:
------------------
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1

Solution:
---------
This vulnerability can be eliminated by applying the following patch
available at:

Microsoft Security Bulletin MS02-018:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

Microsoft Security Bulletin MS02-018(Japanese version):
http://www.microsoft.com/japan/technet/security/bulletin/MS02-018.asp

Discovered by:
--------------
Keigo Yamazaki

Disclaimer:
-----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

References:
-----------
Archive of this advisory:
http://www.lac.co.jp/security/english/snsadv_e/49_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
-------------------------------------------------------------------