Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Web Servers >> Malformed Hit-Highlighting Argument Vulnerability


Vulnerability Assessment Details

Malformed Hit-Highlighting Argument Vulnerability

Vulnerability Assessment Summary
Acertains IIS IDA/IDQ Path Reveal vulnerability

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote IIS web server is missing a security patch.

Description :

The remote version of IIS is vulnerable to two vulnerabilities :

- An information disclosure issue permits a remote attacker to obtain
the real pathname of the document root by requesting non-existent
files with .ida or .idq extensions.

- An argument validation issue in the WebHits component lets a remote
attacker read abitrary files on the remote server

Solution :

Microsoft released a patch for Windows 2000 :

http://www.microsoft.com/technet/security/bulletin/ms00-006.mspx

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)

Networks Security ID: 1065

Vulnerability Assessment Copyright: This script is Copyright (C) 2000 Filipe Custodio

Cables, Connectors

Atari 2600 - motheboards
$19.9
Atari 2600 - motheboards  pictureAtari 800xl
$94.99
Atari 800xl   pictureAtari 1040STF 1040 STF Computer Bedienungshandbuch
$20.0
Atari 1040STF 1040 STF Computer Bedienungshandbuch picture68000 68010 64 Pin Machined CPU Socket Extension Amiga 500 2000 ATARI APPLE MAC
$9.98
68000 68010 64 Pin Machined CPU Socket Extension Amiga 500 2000 ATARI APPLE MAC picture


Discussions

No Discussions have been posted on this vulnerability.