Signature Detail

HTTP: IIS URL-Encoded Header Evasion

This signature detects attempts to exploit a known vulnerability in Microsoft IIS Web server. Attackers can encode HTTP headers in a URL request; when IIS parses the URL, it accepts the URL data as valid HTTP headers. Attackers can use this exploit to evade detection.

Extended Description

Successful exploitation could enable the the attacker to bypass filter security systems and intrusion detection systems, and possibly allow the execution of arbitrary commands on the vulnerable IIS server.

References

• URL: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/featured/iis/default.mspx