Дырка в IIS (File Request Parsing)
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
Дырка в IIS (File Request Parsing)
updated since 08.11.2000
Published:
02.12.2000
Source:
MICROSOFT
SecurityVulns ID:
699
Type:
remote
Level:
6
/10
Описание:
При разборе имени запрашиваемого CGI, можно выполнить приложение (.bat или .cmd) за счет исопльзования специальных метасимволов.
Affected:
MICROSOFT
:
Internet Information Server 4.0
MICROSOFT
:
Internet Information Server 5.0
Original document
MICROSOFT
,
Re-release: Microsoft Security Bulletin MS00-086
(
02.12.2000
)
Georgi Guninski
,
IIS 5.0 with patch Q277873 allows executing arbitrary commands on the web server
(
28.11.2000
)
Russ
,
Possible problems with patch for MS00-086
(
28.11.2000
)
Nsfocus Security Team
,
[Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
(
24.11.2000
)
MICROSOFT
,
Update: Microsoft Security Bulletin (MS00-086)
(
22.11.2000
)
MICROSOFT
,
Update to Microsoft Security Bulletin MS00-086
(
12.11.2000
)
Nsfocus Security Team
,
NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
(
08.11.2000
)
MICROSOFT
,
Security Bulletin (MS00-086)
(
08.11.2000
)
Files:
shell on IIS server with Unicode using *only* HTTP
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
