Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2001 [email protected]OPENVAS:11443
HistoryNov 03, 2005 - 12:00 a.m.

Microsoft IIS UNC Mapped Virtual Host Vulnerability

2005-11-0300:00:00
Copyright (C) 2001 [email protected]
plugins.openvas.org
14

0.969 High

EPSS

Percentile

99.6%

JSON

Your IIS webserver allows the retrieval of ASP/HTR source code.

An attacker can use this vulnerability to see how your
pages interact and find holes in them to exploit.

# OpenVAS Vulnerability Test
# $Id: iis_unc_mapped_virt_host_vuln.nasl 6046 2017-04-28 09:02:54Z teissa $
# Description: Microsoft IIS UNC Mapped Virtual Host Vulnerability
#
# Authors:
# [email protected], http://libpcap.net
#
# Copyright:
# Copyright (C) 2001 [email protected]
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "Your IIS webserver allows the retrieval of ASP/HTR source code.

An attacker can use this vulnerability to see how your
pages interact and find holes in them to exploit.";

if(description) {
  script_id(11443);
  script_version("$Revision: 6046 $");
  script_tag(name:"last_modification", value:"$Date: 2017-04-28 11:02:54 +0200 (Fri, 28 Apr 2017) $");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_bugtraq_id(1081);
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2000-0246");

  name = "Microsoft IIS UNC Mapped Virtual Host Vulnerability";
  script_name(name);


  summary = "Checks IIS for .ASP/.HTR backslash vulnerability.";
  script_copyright("Copyright (C) 2001 [email protected]");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_vul");

  family = "Web Servers";
  script_family(family);

  script_require_ports("Services/www", 80);
  script_dependencies("http_version.nasl");
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);
if ( ! can_host_asp(port:port) ) exit(0);

if(get_port_state(port)) {
  # common ASP files
  f[0] = "/index.asp%5C";
  f[1] = "/default.asp%5C";
  f[2] = "/login.asp%5C";
  
  files = get_kb_list(string("www/", port, "/content/extensions/asp"));
  if(!isnull(files)){
 	files = make_list(files);
	f[3] = files[0] + "%5C";
	}

  for(i = 0; f[i]; i = i + 1) {
    req = http_get(item:f[i], port:port);
    h = http_keepalive_send_recv(port:port, data:req);
    if( h == NULL ) exit(0);
    
    if(ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 .*", string:h) &&
       "Content-Type: application/octet-stream" >< r) {
      security_message(port);
      exit(0);
    }
  }
}

Related

openvas 1
nessus 1
cve 1
openvas
openvas
Microsoft IIS UNC Mapped Virtual Host Vulnerability
2005-11-03 00:00:00
nessus
nessus
MS00-019: Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure (uncredentialed check)
2003-03-23 00:00:00
cve
cve
CVE-2000-0246
2000-03-30 05:00:00

0.969 High

EPSS

Percentile

99.6%

JSON
Related for OPENVAS:11443
openvas1nessus1cve1