|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Web Servers >> IIS Remote Command Execution Vulnerability Assessment Details
|
IIS Remote Command Execution |
||
|
Acertains if arbitrary commands can be executed Detailed Explanation for this Vulnerability Assessment Summary : Arbitary commands can be executed on the remote web server Description : When IIS receives a user request to run a script, it renders the request in a decoded canonical form, then performs security checks on the decoded request. A vulnerability results because a second, superfluous decoding pass is performed after the initial security checks are completed. Thus, a specially crafted request could permit a possible hacker to execute arbitrary commands on the IIS Server. Solution: http://www.microsoft.com/technet/security/bulletin/ms01-026.mspx Network Security Threat Level: High / CVSS Base Score : 7 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Networks Security ID: 2708, 3193 Vulnerability Assessment Copyright: This script is Copyright (C) 2001 Matt Moore / H D Moore |
||
|
Mainframe, DEC, VAX, AS 400 |
|
||
|
No Discussions have been posted on this vulnerability. |