7936 matches found
DoS via URL extensions in IIS
A specially crafted extension in a URL leads to 100% resource consumption and denial of service in IIS...
shtml.exe reveal local path of IIS web directory
I found there is a security problem with shtml.exe that allows anyone to explore the local path of the IIS web server. Tested on Windows 2000 Server. shtml.exe is a program issued with FrontPage Extension server for viewing smart HTML files. If we install FrontPage on Windows 2000 Server, a directory...
Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
The version of FrontPage Extensions running on the remote host has an information disclosure vulnerability. Using a non-existent file as an argument to the 'shtml.exe' CGI reveals the local absolute path of the web root. A remote attacker could use this information to mount further attacks. C...
CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path...
FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure source: https://www.securityfocus.com/bid/1174/info The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to...
FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
source: https://www.securityfocus.com/bid/1174/info The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to the shtml.exe or shtml.dll depending on platform program will displ...
CVE-2000-0256
The CVE-2000-0256 entry describes buffer overflows in FrontPage 97/98 Server Extensions, specifically htimage.exe (and Imagemap.exe) that allow a remote attacker to perform actions beyond the web site’s scope. A concrete exploit path is documented for htimage.exe via /cgi-bin/htimage.exe/AAAA[......
CVE-2000-0256
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability...
Securax Security Advisory: Windows98 contains a serious buffer overflow with long filename extensions.
Securax-SA-02 Security Advisory - belgian.networking.security - Dutch - Topic: Ms Windows '95?/'98/SE explorer.exe causes a buffer overflow with long filename...
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation
source: https://www.securityfocus.com/bid/1108/info Two DLLs, dvwssr.dll and mtd2lv.dll, included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack, include an obfuscation string that manipulates the name of requested files. Knowing this string and the obfuscation...
CVE-1999-0796
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks...
CVE-2000-0114
CVE-2000-0114 affects FrontPage Server Extensions. It enables unauthenticated remote disclosure of the anonymous account name via an RPC POST to shtml.dll in the /_vti_bin/ virtual directory. The issue stems from information disclosure in FrontPage Server Extensions; no exploitation details are p...
CVE-2000-0122
CVE-2000-0122 affects FrontPage Server Extensions. A remote attacker can determine the physical path of a virtual directory by issuing a GET to htimage.exe, leading to information disclosure about server layout. The provided records do not specify affected versions, exact vulnerable component det...
CVE-2000-0114
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory...
CVE-2000-0122
Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program...
CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...
VulnCheck KEV: CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...