SonicWALL Internet Security: SonicALERT

WEB-IIS All Categories

	Denial of service in Windows NT IIS server using ..\..
	Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
	Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
	IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
	In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
	Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
	.htr Transfer-Encoding\: chunked
	.asp Transfer-Encoding\: chunked
	IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
	IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
	The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
	ASP contents view
	SAM Attempt
	cmd32.exe access
	cmd.exe access
	cmd? access
	cross-site scripting attempt
	cross-site scripting attempt
	del attempt
	directory listing
	/scripts/iisadmin/default.htm access
	asp-dot attempt
	asp-srch attempt
	fpcount attempt
	index server file source code attempt
	ism.dll attempt
	perl-browse0a attempt
	perl-browse20 attempt
	scripts-browse access
	CodeRed v2 root.exe access
	outlook web dos
	/scripts/samples/ access
	/msadc/samples/ access
	iissamples access
	multiple decode attempt
	iisadmin access
	/exchange/root.asp attempt
	WebDav ntdll.dll (rs_iis)
	WebDav ntdll.dll (kralor probe)
	WebDav ntdll.dll (kralor shellcode)
	WebDav ntdll.dll (webdavx.pl)
	WebDav ntdll.dll (wd.pl)
	WebDav ntdll.dll (KaHT probe)
	MS Site Server default login attempt
	MS Site Server admin attempt
	Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
	Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
	SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
	SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
	IIS allows users to execute arbitrary commands using .bat or .cmd files.
	IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
	The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
	In Microsoft Site Server 3.0 a configuration problem exists in the Ad Server Sample directory (AdSamples) allowing an attacker to retrieve SITE.CSC, exposing sensitive SQL database information.
	The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
	IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
	The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
	IIS newdsn.exe CGI script allows remote users to overwrite files.
	By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
	Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
	Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
	Unicode2.pl script (File permission canonicalization)
	_vti_inf access
	CGImail.exe access
	MSProxy access
	repost.asp access
	IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
	/StoreCSVS/InstantOrder.asmx request
	users.xml access
	as_web.exe access
	as_web4.exe access
	NewsPro administration authentication attempt
	pbserver access
	trace.axd access
	mkilog.exe access
	ctss.idc access
	/iisadmpwd/aexp2.htr access
	WebDAV file lock attempt
	ISAPI .printer access
	.cnf access
	msdac access
	_mem_bin access
	search97.vts access
	srch.htm access
	srchadm access
	uploadn.asp access
	viewcode.asp access
	doctodep.btr access
	site/iisamples access
	perl access
	fpcount access
	getdrvs.exe access
	bdir.htr access
	exec-src access
	postinfo.asp access
	/exchange/root.asp access
	nsiislog.dll access
	IISProtect siteadmin.asp access
	IISProtect globaladmin.asp access
	IISProtect access
	Synchrologic Email Accelerator userid list access attempt
	register.asp access

IPS Alert Level

Low

Medium

High


		Home \| Products \| Applications \| Markets \| Support \| How to Buy \| Channel Partners \| Company

		Comprehensive Internet Security ® 2003 SonicWALL, Inc. \| Privacy Statement