Microsoft URLScan 2.5 / RSA Security SecurID 5.0 Configuration Enumeration Weakness

ID SSV:76818
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when the two products are used together on a web server. The problem is said to stem from the order in which the products are placed in the global ISAPI filter list.

When the vulnerable configuration is in place, an attacker may be able to enumerate the Microsoft URLScan extension filtering list by making repeated requests for files with differing extensions.

Enumerating this information could aid an attacker in launching further attacks against the target web server.
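
Repeated requests for files with differing extensions leave a recognisable pattern in web server logs. The following detection sketch is an added example, not part of the original advisory: it flags clients that request many distinct file extensions within a short time window. The log lines, thresholds and function names are constructed assumptions; the column names are those of the IIS W3C extended log format.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from posixpath import splitext

# Constructed sample (not from the advisory): normal client, fast sweep, slow client.
SWEEP = [".asp", ".htr", ".ida", ".idq", ".printer", ".exe", ".bat"]
SAMPLE_LOG = "\n".join(
    ["#Fields: date time c-ip cs-method cs-uri-stem sc-status",
     "2024-01-01 10:00:01 192.0.2.10 GET /default.asp 200",
     "2024-01-01 10:00:02 192.0.2.10 GET /images/logo.gif 200",
     "2024-01-01 10:00:02 192.0.2.10 GET /css/site.css 200"]
    + [f"2024-01-01 10:05:{i:02d} 198.51.100.7 GET /probe{e} 404" for i, e in enumerate(SWEEP)]
    + [f"2024-01-01 {11 + i}:00:00 203.0.113.5 GET /doc{e} 404" for i, e in enumerate(SWEEP)])

def parse_w3c(text):
    """Yield (timestamp, client_ip, lowercase extension) for each request."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            ext = splitext(row["cs-uri-stem"])[1].lower()
            if ext:
                yield ts, row["c-ip"], ext

def find_extension_sweeps(text, min_exts=6, window=timedelta(minutes=2)):
    """Return {client_ip: sorted extensions} for clients that requested at
    least min_exts distinct extensions inside one sliding time window."""
    by_ip = defaultdict(list)
    for ts, ip, ext in parse_w3c(text):
        by_ip[ip].append((ts, ext))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        seen, start = Counter(), 0
        for ts, ext in events:
            seen[ext] += 1
            while ts - events[start][0] > window:   # expire old requests
                seen[events[start][1]] -= 1
                start += 1
            seen = +seen                            # drop zero counts
            if len(seen) >= min_exts:
                flagged[ip] = sorted(set(flagged.get(ip, [])) | set(seen))
    return flagged

if __name__ == "__main__":
    print(find_extension_sweeps(SAMPLE_LOG))
```

The threshold and window need tuning against normal traffic for the site, since a content-rich page can legitimately pull several extensions in one load.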