Microsoft IIS Far East Versions Expose File Contents

Reported December 13, 2000 by NSFocus

VERSIONS AFFECTED
  • Microsoft IIS 4.0 Far East Version
  • Microsoft IIS 5.0 Far East Version

DESCRIPTION

A vulnerability exists in Microsoft IIS Far East 4.0 and 5.0.  A malicious attacker uses the vulnerability to read files in the Web directory. By submitting  a malformed URL, an attacker can obtain the contents of files.

VENDOR RESPONSE

Microsoft was informed of the issue on December 8, 2000.

CREDIT
Discovered by
NSFocus

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish