NSFOCUS Security Advisory 2000.2

26 Jul 2000 00:00:00 | Reported by Isbase Security Team | Type: packetstorm | Source: packetstormsecurity.com

Security flaw in IIS allows access to sensitive file contents, affecting versions 4.0 and 5.0.

Code
`ISBASE Security Advisory(SA2000-02)  
  
  
Topic: IIS ISM.DLL truncation exposes file content  
  
Release Date: July 17, 2000  
  
  
Affected software version:  
===========================  
  
Microsoft Internet Information Server 4.0  
Microsoft Internet Information Server 5.0  
  
Platform:  
==========  
  
Windows NT 4.0 and Windows 2000  
  
  
Impact:  
=========  
  
Isbase security team has found a security flaw in Microsoft IIS 4.0/5.0.  
An attacker can obtain the contents of certain types of files (.asp, .asa, .ini...)  
in Microsoft Internet Information Server 4.0 or 5.0. Normally an attacker should  
not be able to access the contents of those files. An attacker could get some  
sensitive data contained in those files.  
  
Description:  
==============  
  
By requesting an existing filename (for example, global.asa) with an appended  
"+" and an extension of ".htr" from Microsoft Internet Information Server  
4.0/5.0, IIS will be tricked into calling the ISM.DLL ISAPI application to deal with  
this request. When "+" is found in the filename, ISM.DLL will truncate the  
"+.htr" and open the target file (global.asa). If the target file is not an ".htr"  
file, part of the target file's source code will be exposed to the attacker. For  
example, an attacker can retrieve the content of global.asa, which often contains  
sensitive information such as the SQL server's username and password.  
  
  
  
Exploit:  
==========  
Put this URL in your browser and view the source code of the returned page:  
  
http://www.victim.com/global.asa+.htr  
  
Workaround:  
===========  
If you don't need HTR functionality, remove the script mapping for HTR.  
  
Solution:  
===========  
Microsoft has been informed and has released a security bulletin concerning this  
flaw.  
  
The bulletin is live at:  
  
http://www.microsoft.com/technet/security/bulletin/MS00-044.asp  
  
Patches are available at:  
  
IIS 4.0:  
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22709  
IIS 5.0:  
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22708  
  
  
  
Isbase Security Team <[email protected]>  
  
ISBASE INFORMATION TECHNOLOGY CO.,LTD  
(http://www.isbase.com)  
  
`
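
Added example (not part of the ISBASE advisory): a log check for the "+.htr" request pattern described above, run over W3C extended log lines and decoding percent-escapes so that `%2B.htr` is caught as well. The sample log, the 192.0.2.x client addresses and the function name `find_htr_truncation` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed W3C extended log sample (not real traffic; 192.0.2.x is a documentation range).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-07-18 09:14:02 192.0.2.10 GET /default.asp 200
2000-07-18 09:14:40 192.0.2.77 GET /global.asa+.htr 200
2000-07-18 09:15:03 192.0.2.77 GET /shop/config.ini%2B.HTR 200
2000-07-18 09:15:30 192.0.2.10 GET /iisadmpwd/aexp.htr 200
2000-07-18 09:16:11 192.0.2.81 GET /missing.asp+.htr 404
"""

# URI stem ending in "+.htr"; group 1 is the file ISM.DLL would open after truncation.
TRUNCATION = re.compile(r"^(.+?)\+\.htr$", re.IGNORECASE)


def find_htr_truncation(log_text):
    """Return one dict per logged request whose URI stem ends in '+.htr'."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # unquote() decodes %2B to '+' but leaves a literal '+' untouched
        stem = unquote(row.get("cs-uri-stem", ""))
        match = TRUNCATION.match(stem)
        if match:
            hits.append({
                "client": row.get("c-ip"),
                "target": match.group(1),
                "status": row.get("sc-status"),
                # 200 means the request was answered: review the target file for secrets
                "served": row.get("sc-status") == "200",
            })
    return hits


if __name__ == "__main__":
    for hit in find_htr_truncation(SAMPLE_LOG):
        print(hit)
```

Any hit with `served` set is a reason to rotate credentials stored in the named file, in addition to applying the patch or removing the HTR script mapping.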
