Microsoft IIS protection bypass
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
Microsoft IIS protection bypass
Published:
29.12.2009
Source:
BUGTRAQ
SecurityVulns ID:
10491
Type:
remote
Level:
6
/10
Description:
It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file.
Affected:
MICROSOFT
:
Windows 2000 Server
MICROSOFT
:
Windows 2000 Professional
MICROSOFT
:
Windows XP
MICROSOFT
:
Windows 2003 Server
MICROSOFT
:
Windows Vista
MICROSOFT
:
Windows 2008 Server
MICROSOFT
:
Windows 7
Original document
ds.adv.pub_(at)_gmail.com
,
Code to mitigate IIS semicolon zero-day
(
29.12.2009
)
bugreport_(at)_itguard.info
,
Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)
(
29.12.2009
)
Files:
Mitigation should help block attempts to exploit the IIS semicolon zero-day
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
