Signature Detail
Short Name |
HTTP:IIS:WEBDAV:REQ-DISCLO |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IIS WebDAV Request Source Code Disclosure |
Release Date |
2010/10/07 |
Update Number |
1787 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: IIS WebDAV Request Source Code Disclosure
This signature detects attempts to exploit a known vulnerability against Microsoft IIS Webdav. Attackers can use this vulnerability to disclose information.
Extended Description
Microsoft IIS is reportedly affected by a remote script source disclosure vulnerability. A successful attack causes the Web server to present the requested file as a plain text file and subsequently disclosing the source. It should be noted that this issue only presents itself when the requested files are stored on a FAT or FAT32 volume and does not arise if the script files are stored on a NTFS volume. Microsoft IIS 5.1 is vulnerable to this issue.
Affected Products
- Microsoft IIS 5.1
References
- BugTraq: 14764