Signature Detail
Short Name |
SCAN:NESSUS:GLOBAL-ASA |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
SCAN |
Keywords |
Nessus Global-asa Probe |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SCAN: Nessus Global-asa Probe
This signature detects requests for the Microsoft IIS Global.asa that can be used to launch attacks against a site.
Extended Description
Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. It is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with 'Translate: f' at the end of it, and if a trailing slash '/' is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client.
Affected Products
- Microsoft IIS 5.0
References
- BugTraq: 1578
- CVE: CVE-2000-0778