Signature Detail

HTTP: IIS IISAPI Extension Enumerate Root Web Server Directory Path Disclosure

This signature detects attempts to exploit a known vulnerability against Internet Information Services(IIS) version 5.0 and earlier. A successful attack can lead to unauthorized path disclosure. This is an old issue and newer versions of IIS are unaffected by this vulnerability.

Extended Description

A GET request that specifies a nonexistent file with an IISAPI-registered extension (ie .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory. This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file. Example: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\InetPub\scripts\ bogus.pl": No such file or directory

Affected Products

• Microsoft IIS 2.0
• Microsoft IIS 3.0
• Microsoft IIS 4.0
• Microsoft IIS 5.0

References

• BugTraq: 194
• CVE: CVE-1999-0450