Preemptive Protection against Microsoft IIS Source Code Disclosure
| Attack ID: | CPAI-2005-123 |
 |
|
| Publish Date: | |
|
|
| Category: | Error Concealment |
|
|
| Vulnerable Systems: | Microsoft Internet Information Services (IIS) 5.1 |
|
|
| Source: | Inge Henriksen |
|
|
| Description: | A vulnerability exists in Microsoft Internet Information Services (IIS) in the way the server handles specific error messages. A remote attacker can exploit this vulnerability via a specially crafted HTTP request to gain information of server script contents. |
|
|
| Severity: | |
| Details: | A Web server that encounters an error will generally serve an error page to the client Web browser. A vulnerability specifically exists in the ASP page generated by the IIS Web server as a result of the HTTP 500.100 error code. This code indicates an internal server error specific to a failed execution of a requested ASP script. Upon a failed ASP script execution, the 500-100.asp script is served to the client, revealing sensitive information. A remote attacker can exploit the vulnerability by supplying a a specially crafted request to a vulnerable system and gain sensitive information. |
|
|
| Attack Detection: | Users of VPN-1 NGX R60 who have applied the solution outlined below will identify the attack by the following log entries: |
|
|
| Solution: | Users of VPN-1 NGX R60 who have applied the solution outlined in CPSA-2005-08 and activated the Error Concealment protection are preemptively protected against this vulnerability. The Error Concealment protection, included with VPN-1 NGX R60 Web Intelligence defenses, blocks all error codes in the ranges of 4xx and 5xx, error codes that are known to potentially reveal sensitive information. |
|
|
| Industry Reference: | CAN-2005-2678 |
|
|
| Additional Information: | |