Microsoft IIS Cookie Variable Information Disclosure

2004-05-05T18:24:19
ID OSVDB:5993
Type osvdb
Reporter Cesar Cerrudo (sqlsec@yahoo.com)
Modified 2004-05-05T18:24:19

Description

Vulnerability Description

Microsoft Internet Information Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted HTTP GET request with the cookie variable set to an equal sign (=), which will disclose server information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Configure IIS to return custom error pages.

Manual Testing Notes

GET /somepage.asp HTTP/1.0
Host: hostname
Cookie: =

Source code snippet for somepage.asp:

value=request.cookies("cookiename") 'here the error is triggered

Value returned by the IIS server:

(0x80004005) Unspecified error /file.inc, line 2
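
The following Python check is an added example, not part of the original advisory. It flags logged requests carrying a cookie pair with an empty name (the `Cookie: =` form in the notes above) and tests whether a response body still exposes the ASP error detail, which confirms whether the custom-error-page workaround took effect. Function names and sample strings are assumptions constructed for illustration.

```python
import re

# Matches the ASP error detail shown in the advisory: an HRESULT in
# parentheses, followed later by a script path and a line number.
ASP_ERROR_RE = re.compile(
    r"\(0x[0-9A-Fa-f]{8}\).*?(/\S+?),\s*line\s+(\d+)", re.DOTALL)


def cookie_headers(raw_request):
    """Return the values of all Cookie headers in a raw HTTP request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            values.append(value.strip())
    return values


def has_empty_cookie_name(raw_request):
    """True if any cookie pair has an empty name, e.g. 'Cookie: ='."""
    for value in cookie_headers(raw_request):
        for pair in value.split(";"):
            if pair.strip().startswith("="):
                return True
    return False


def leaked_error_detail(body):
    """Return (script_path, line_number) if the body exposes ASP error detail."""
    m = ASP_ERROR_RE.search(body)
    return (m.group(1), int(m.group(2))) if m else None


# Constructed samples, modelled on the request and response in the notes above.
SUSPECT = "GET /somepage.asp HTTP/1.0\r\nHost: hostname\r\nCookie: =\r\n\r\n"
BENIGN = ("GET /somepage.asp HTTP/1.0\r\nHost: hostname\r\n"
          "Cookie: cookiename=abc; theme=dark\r\n\r\n")
LEAKY_BODY = "(0x80004005) Unspecified error /file.inc, line 2"
CUSTOM_BODY = "<html><body>An error occurred. Please try again later.</body></html>"

if __name__ == "__main__":
    for req in (SUSPECT, BENIGN):
        print("empty cookie name:", has_empty_cookie_name(req))
    for body in (LEAKY_BODY, CUSTOM_BODY):
        print("leaked detail:", leaked_error_detail(body))
```

A body that returns `None` from `leaked_error_detail` after the workaround is applied indicates the script path and line number are no longer sent to the client.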

References:

Secunia Advisory ID: 11563
Other Advisory URL: http://www.appsecinc.com/resources/alerts/general/05-0001.html
Nessus Plugin ID: 12229
Microsoft Knowledge Base Article: 834452
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0255.html
ISS X-Force ID: 16058