Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SCAN:CORE:IIS-ASP-CHUNKED

Severity

 Info

Recommended

 No

Category

 SCAN

Keywords

 Core Impact IIS ASP Chunked Exploit

Release Date

 2004/12/17

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SCAN: Core Impact IIS ASP Chunked Exploit


This signature detects the CORE Impact penetration testing tool using the IIS ASP Chunked Encoding exploit against your network (this exploit is also detected by the HTTP:REQERR:REQ-MALFORMED-URL anomaly). Because CORE Impact can chain one infected computer to another, other machines in the network can already be compromised. CORE Impact can be used legitimately to perform a network security audit of your network. However, if a network security audit is not in progress, triggering this signature can indicate that a malicious attacker is using the CORE Impact tool to compromise your network.

Extended Description

A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS (Internet Information Services). This condition affects IIS 4.0 and IIS 5.0. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. Microsoft IIS 5.0 is reported to ship with a default script (iisstart.asp) which may be sufficient for a remote attacker to exploit. Other sample scripts may also be exploitable. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.

Affected Products

  • Cisco Building Broadband Service Manager (BBSM) 4.0.1
  • Cisco Building Broadband Service Manager (BBSM) 4.2.0
  • Cisco Building Broadband Service Manager (BBSM) 4.3.0
  • Cisco Building Broadband Service Manager (BBSM) 4.4.0
  • Cisco Building Broadband Service Manager (BBSM) 4.5.0
  • Cisco Building Broadband Service Manager (BBSM) 5.0.0
  • Cisco Building Broadband Service Manager (BBSM) 5.1.0
  • Cisco Call Manager 3.0.0
  • Cisco Call Manager 3.1.0
  • Cisco Call Manager 3.2.0
  • Cisco Unity Server 2.0.0
  • Cisco Unity Server 2.1.0
  • Cisco Unity Server 2.2.0
  • Cisco Unity Server 2.3.0
  • Cisco Unity Server 2.4.0
  • Microsoft IIS 4.0
  • Microsoft IIS 5.0

References

  • BugTraq: 4485
  • CVE: CVE-2002-0079

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out