Computer Security


Microsoft IIS protection bypass
Published: 29.12.2009
Source:
SecurityVulns ID: 10491
Type: remote
Threat Level: 6/10
Description: It's possible to bypass third-party upload protection based on file extension, because the part of the filename after a semicolon is ignored when detecting the file type. E.g. script.asp;.jpg is treated by the web server as an ASP file.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original document: ds.adv.pub_(at)_gmail.com, Code to mitigate IIS semicolon zero-day (29.12.2009)
 bugreport_(at)_itguard.info, Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug) (29.12.2009)
Files: Mitigation should help block attempts to exploit the IIS semicolon zero-day

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod