Microsoft IIS file enumeration vulnerability-vulnerability warning-the black bar safety net

2012-07-04T00:00:00
ID MYHACK58:62201234239
Type myhack58
Reporter 佚名
Modified 2012-07-04T00:00:00

Description

Release date: 2012-06-30

Update date: 2012-07-03

Affected system:

Microsoft IIS 7.5

Microsoft IIS 7.0

Microsoft IIS 6.0

Microsoft IIS 1.0

Description:

--------------------------------------------------------------------------------

BUGTRAQ ID: 5 4 2 5 1

Internet Information Services(IIS, the Internet Information Service is provided by Microsoft based on running Microsoft Windows Internet basic services.

Microsoft IIS in the realization of the existence of the file enumeration vulnerability, an attacker can exploit this vulnerability to enumerate the network server the root directory of the file.

<*source: Soroush Dalili (Irsdl@yahoo.com)

*>

Recommendations:

--------------------------------------------------------------------------------

Manufacturers patch:

Microsoft

---------

The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:

http://www.microsoft.com/technet/security/