Server Name Spoofing in IIS Could Lead to Code Exposure

Inge Henriksen reported a flaw in Microsoft IIS that might lead to the exposure of application code that runs on the server.

ITPro Today

August 23, 2005



Reported August 22, 2005 by Inge Henriksen

VERSIONS AFFECTED

Internet Information Server 5.x and 6.0


DESCRIPTION

Inge Henriksen reported a flaw in Microsoft IIS that might lead to the exposure of application code that runs on the server. An attacker could enter a fully qualified URL at a Telnet client to connect to the Web server's listening port, and IIS might consider the connection as coming from the local host instead of a remote client.

The tactic works because of the way IIS handles requests. If a URL has the prefix http://localhost, IIS bypasses name resolution and assumes the request is from the local Web server console. The technique doesn't work with a standard Web browser because browsers resolve localhost as 127.0.0.1 (i.e., the local client machine).

Application code is exposed when IIS needs to use the default "Error 500" Web page template. This template relies on the Web request's SERVER_NAME variable to determine what information to display. If the variable contains "localhost", the template will display application source code that wouldn't otherwise be displayed to a remote user.
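As an added illustration (not code from IIS or from the original report), the Python sketch below models the trust decision described above next to a check on the TCP peer address, and flags requests where the two disagree. How the server name is derived from the request is a simplified assumption, and the function names, sample requests and www.example.test are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def server_name_from_request(request_line, host_header, default_name):
    """Assumed model, not IIS source: the name comes from client-supplied data.
    An absolute URL in the request line wins, then Host, then the default."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else ""
    if target.lower().startswith(("http://", "https://")):
        return urlsplit(target).hostname or default_name
    if host_header:
        return urlsplit("//" + host_header.strip()).hostname or default_name
    return default_name

def detail_allowed_by_name(server_name):
    """Weak check described on the page: trust SERVER_NAME == "localhost"."""
    return server_name == "localhost"

def detail_allowed_by_peer(peer_ip):
    """Hardened check: only the socket's peer address decides locality."""
    return ipaddress.ip_address(peer_ip).is_loopback

def evaluate(request_line, host_header, peer_ip, default_name="www.example.test"):
    name = server_name_from_request(request_line, host_header, default_name)
    weak = detail_allowed_by_name(name)
    hardened = detail_allowed_by_peer(peer_ip)
    return {
        "server_name": name,
        "weak": weak,          # would the name-based template show source?
        "hardened": hardened,  # would the peer-based check show source?
        "spoofed_local": weak and not hardened,  # detection signal
    }

# Constructed samples (documentation addresses, not real traffic):
# (request line, Host header, TCP peer address)
SAMPLES = [
    ("GET /app.asp HTTP/1.1", "www.example.test", "203.0.113.7"),
    ("GET http://localhost/app.asp HTTP/1.0", "", "203.0.113.7"),
    ("GET /app.asp HTTP/1.1", "localhost", "127.0.0.1"),
]

if __name__ == "__main__":
    for line, host, peer in SAMPLES:
        print(peer, repr(line), evaluate(line, host, peer))
```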



VENDOR RESPONSE

Microsoft is aware of the problem; however, no response has been issued from the company as of this writing.



