SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server Vendors:   Microsoft
Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
SecurityTracker Alert ID:  1027223
SecurityTracker URL:  http://securitytracker.com/id/1027223
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 6 2012
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.x, 6.x
Description:   A vulnerability was reported in Microsoft IIS Web Server. A remote user can obtain potentially sensitive information.

A remote user can supply a specially crafted request containing the tilde ('~') character to determine whether a matching file exists within the web directory on the target system without specifying the entire filename.

This can be exploited to determine filenames more rapidly than by brute force guessing individual characters of the filename. This can also be exploited to potentially bypass certain URL string based filtering if such filtering is used.

A remote user can supply a specially crafted request containing the tilde character and the '::$Index_Allocation' string to determine whether matching files exist within ostensibly protected directories within the web directory on the target system.

On systems running .Net, a remote user can supply a specially crafted request to cause the target system to make an excessive number of file system calls, which may temporarily affect system performance.

The latest version of IIS (7.5) is not affected.

The original advisory is available at:

http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf

Soroush Dalili (@irsdl) reported this vulnerability.

Impact:   A remote user can obtain potentially sensitive information.
Solution:   The vendor has issued a fix (7.5).
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC