Signature Detail

Short Name	HTTP:IIS:IIS-BYPASS
Severity	Low
Recommended	No
Category	HTTP
Keywords	Microsoft IIS 5 NTLM and Basic Authentication Bypass
Release Date	2007/06/04
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft IIS 5 NTLM and Basic Authentication Bypass

This signature detects attempts to bypass IIS 5 Basic or NTLM Authentication. A successful attacker could gain access to protected documents and code.

Extended Description

Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space (%20) to the end of the filename specified in the 'CiWebHitsFile' variable, and setting 'CiHiliteType' to 'Full' and 'CiRestriction' to 'None', it is possible to retrieve the unprocessed source of the file. This is possible on any machine with Index Server installed, even those with no normal .htw files, because the virtual file null.htw is stored in memory and the .htw extension is mapped by default to webhits.dll .

Affected Products

Microsoft Index Server 2.0

References

BugTraq: 1084
CVE: CVE-2000-0302
URL: http://www.securityfocus.com/advisories/2060

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Microsoft IIS 5 NTLM and Basic Authentication Bypass

Extended Description

Affected Products

References