Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Web Servers >> Malformed Hit-Highlighting Argument Vulnerability

Vulnerability Assessment Details

Malformed Hit-Highlighting Argument Vulnerability
Vulnerability Assessment Summary
Acertains IIS IDA/IDQ Path Reveal vulnerability

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote IIS web server is missing a security patch.

Description :

The remote version of IIS is vulnerable to two vulnerabilities :

- An information disclosure issue permits a remote attacker to obtain
the real pathname of the document root by requesting non-existent
files with .ida or .idq extensions.

- An argument validation issue in the WebHits component lets a remote
attacker read abitrary files on the remote server

Solution :

Microsoft released a patch for Windows 2000 :

http://www.microsoft.com/technet/security/bulletin/ms00-006.mspx

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)

Networks Security ID: 1065

Vulnerability Assessment Copyright: This script is Copyright (C) 2000 Filipe Custodio
Cables, Connectors


VINTAGE SLOT 1 TO PGA370 PENTIUM CPU ADAPTER CARD CELERON/COPPERMINE 500mhz picture

VINTAGE SLOT 1 TO PGA370 PENTIUM CPU ADAPTER CARD CELERON/COPPERMINE 500mhz

$45.00


Vintage HP OmniBook 800CT Mini Laptop Computer & accessories picture

Vintage HP OmniBook 800CT Mini Laptop Computer & accessories

$499.00


Vintage 1993 Undersea Adventure3.5

Vintage 1993 Undersea Adventure3.5" Floppy Disk 1 3 4 5 ONLY Game Software PC

$19.99


Vintage Apple Snow iMac G3 Computer Setup and User's Guide picture

Vintage Apple Snow iMac G3 Computer Setup and User's Guide

$29.95


Vintage 1994 Designer Dozen FontPack 3.5

Vintage 1994 Designer Dozen FontPack 3.5" Floppy Disk Software Apple Macintosh

$12.99


Vintage Apple Lisa Brochure, very nice condition picture

Vintage Apple Lisa Brochure, very nice condition

$50.00


Vintage NMB RT101+ Wired Mechanical Keyboard Clicky Space Invader Switch Tested picture

Vintage NMB RT101+ Wired Mechanical Keyboard Clicky Space Invader Switch Tested

$79.95


Sony VAIO PCV-120 Vintage Gaming Computer Intel Pentium MMX Windows 95 ATI Rage picture

Sony VAIO PCV-120 Vintage Gaming Computer Intel Pentium MMX Windows 95 ATI Rage

$299.99


Vintage CD-ROM Drive Model: CR-5850-B Power Cords Not Included Tested Works picture

Vintage CD-ROM Drive Model: CR-5850-B Power Cords Not Included Tested Works

$44.99


SEALED Vintage Western Digital Value Line Hard Drive 3.5-Inch Enhanced IDE 25 GB picture

SEALED Vintage Western Digital Value Line Hard Drive 3.5-Inch Enhanced IDE 25 GB

$100.00


Discussions

No Discussions have been posted on this vulnerability.