Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Web Servers >> Malformed Hit-Highlighting Argument Vulnerability

Vulnerability Assessment Details

Malformed Hit-Highlighting Argument Vulnerability

Vulnerability Assessment Summary
Acertains IIS IDA/IDQ Path Reveal vulnerability

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote IIS web server is missing a security patch.

Description :

The remote version of IIS is vulnerable to two vulnerabilities :

- An information disclosure issue permits a remote attacker to obtain
the real pathname of the document root by requesting non-existent
files with .ida or .idq extensions.

- An argument validation issue in the WebHits component lets a remote
attacker read abitrary files on the remote server

Solution :

Microsoft released a patch for Windows 2000 :

http://www.microsoft.com/technet/security/bulletin/ms00-006.mspx

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)

Networks Security ID: 1065

Vulnerability Assessment Copyright: This script is Copyright (C) 2000 Filipe Custodio

Networking, Telecom Tools

Discussions

No Discussions have been posted on this vulnerability.

Home >> Browse Vulnerability Assessment Database >> Web Servers >> Malformed Hit-Highlighting Argument Vulnerability

Home

Network Security Store

Vulnerability Assessment & Network Security Forums

Contact Us