Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Internet Information Service (IIS) - Remote hacker automatic data theft

Version: At least version 5.0
Technical Details:

Internet Information Service (IIS) is vulnerable to an authentication bypass attack that targets the software's hit highlight feature. By targeting a file that doesn't exist and then using the hit highlight feature, an attacker can bypass the basic authentication protection.

Description:

Microsoft's web server software (IIS) has been found to be vulnerable to an attack that allows a remote attacker to bypass the basic authentication settings. A remote attacker could use this to gain access to sensitive areas of hosted sites, potentially allowing reconfiguration of the server or exploitation of other vulnerabilities within the site software.

Mitigation:

Consider upgrading to IIS 6.0 or later, or consider installing and running an alternative web server (such as Apache).
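
To check whether the hit highlight feature is being requested on a server, the following added example (not part of the original advisory) scans IIS W3C extended logs for such requests and marks those that succeeded without a logged username. It assumes the feature is reached through the `.htw` script mapping used by Index Server hit highlighting; the function names and the sample log lines are constructed for illustration.

```python
# Assumption: hit highlighting is served through the .htw script mapping.
HIT_HIGHLIGHT_EXT = ".htw"

# Constructed sample log (documentation IP ranges, placeholder query strings).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2007-06-01 10:00:01 192.0.2.10 - GET /default.htm - 200
2007-06-01 10:00:05 192.0.2.10 - GET /secure/report.asp - 401
2007-06-01 10:00:09 192.0.2.10 - GET /missing.htw q=constructed 200
2007-06-01 10:01:00 198.51.100.7 alice GET /secure/report.asp - 200
2007-06-01 10:02:00 198.51.100.7 - GET /Other.HTW q=constructed 404
"""

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def find_hit_highlight_requests(lines):
    """Return every hit-highlight request found in the log lines."""
    findings = []
    for row in parse_w3c(lines):
        stem = row.get("cs-uri-stem", "")
        if not stem.lower().endswith(HIT_HIGHLIGHT_EXT):
            continue
        status = row.get("sc-status", "")
        anonymous = row.get("cs-username", "-") == "-"
        findings.append({
            "when": f'{row.get("date", "?")} {row.get("time", "?")}',
            "client": row.get("c-ip", "?"),
            "stem": stem,
            "status": status,
            # 2xx with no logged username: served without authentication
            "unauthenticated_success": anonymous and status.startswith("2"),
        })
    return findings

if __name__ == "__main__":
    for finding in find_hit_highlight_requests(SAMPLE_LOG.splitlines()):
        print(finding)
```

On a site where every path is supposed to require basic authentication, any row with `unauthenticated_success` set is worth reviewing alongside the surrounding requests from the same client.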

Updates:

http://support.microsoft.com/kb/328832

Source:

http://support.microsoft.com/kb/328832

Exploits:

http://milw0rm.com/exploits/4016

External Tracking Data:

CVE-ID: CVE-2007-2815
