SAINT CorporationSAINT:EAB353EC7F1F472241FAF4D7055F945DIIS Double Decoding Directory Traversal
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.05 Low
EPSS
Percentile
92.6%
Added: 11/28/2005
CVE: CVE-2001-0333
BID: 2708
OSVDB: 556
Background
Microsoft IIS is a web server for Windows platforms.
Problem
Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then %255c. This allows remote attackers to access any executable file on the system using a directory traversal attack from the /scripts virtual directory, leading to command execution.
Resolution
Install the patch referenced in Microsoft Security Bulletin 01-026.
References
<http://archives.neohapsis.com/archives/bugtraq/2001-05/0101.html>
Limitations
Certain characters are disallowed when using this exploit to run commands.
Platforms
Windows
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.05 Low
EPSS
Percentile
92.6%