A species vulnerability--IIS 5.1 Directory Authentication Bypass-vulnerability warning-the black bar safety net

ID MYHACK58:62201131257
Type myhack58
Reporter 佚名
Modified 2011-07-16T00:00:00


Bugtraq ID: 4 1 3 1 4

CVE ID: CVE-2 0 1 0-2 7 3 1

CNCVE ID: CNCVE-2 0 1 0 2 7 3 1

Vulnerability published:2010-07-01

Vulnerability update time:2010-09-14

Vulnerability causes: access validation error

Danger level: low

Affected systems: Microsoft IIS 5.1

Hazard: a remote attacker can exploit the vulnerability to bypass authentication to access the protected file.

Attack required conditions: the attacker must have access to Microsoft IIS 5.1 in.

Vulnerability information

Microsoft IIS is a Microsoft developed the HTTP service program.

For Directory based authentication(basic authentication)to processing errors. Use NTFS ADS(Alternate Data Streams)can open the protected folder, you can bypass all of the IIS authentication methods, in the submission of the name of the directory after the request additional“:$i30:$INDEX_ALLOCATION”to bypass the validation. Such as the protection of the folder named“AuthNeeded”, which includes“secretfile. asp”script, you can use the “/AuthNeeded:$i30:$INDEX_ALLOCATION/secretfile. asp”instead of“/AuthNeeded /secretfile. asp”to run“secretfile. asp”is.

Test method: http://wwww.example.com/AuthNeeded:$i30:$INDEX_ALLOCATION/secretfile. asp


Vendor solutions

The user can refer to the following vendor-supplied security patches:

Microsoft IIS 5.1

Microsoft Security Update for Windows XP (KB2290570)

http://www.microsoft.com/downloads/en/details.aspx?familyid=AE55787E-4 A5C-48D5-AEDF-0ABADA514938&displaylang=en

Vulnerability message link




Vulnerability message title

IIS 5.1 Directory Authentication Bypass

IIS5. 1 Directory Authentication Bypass by using ':$I30:$Index_Allocation'

Microsoft Security Bulletin MS10-0 6 5 - Important