OSVDB ID: 436

Title: Microsoft IIS Unicode Remote Command Execution

Dates

Disclosure: Oct 17, 2000
Discovery: Unknown
Exploit: Oct 17, 2000
Solution: Unknown

Description

Microsoft Internet Information Server (IIS) contains a flaw that allows a remote attacker to access any file or folder on the Web Server with "anonymous" access. The issue is due to IIS failing to handle Unicode characters in URI requests. By replacing slashes and backslashes with their Unicode equivalent, an attacker can bypass the sanity checks present in IIS that would normally filter and deny such requests.
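
Detection logic for the encoding trick described above, added here as an example (not code from OSVDB or Microsoft). It assumes the "Unicode equivalent" is a non-shortest-form (overlong) UTF-8 encoding, which RFC 3629 forbids, and flags request paths where such a sequence decodes to `/`, `\` or `.`; the function names and sample URIs are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Characters whose disguised presence in a path defeats separator/traversal checks.
SENSITIVE = {"/", "\\", "."}

def overlong_ascii(raw: bytes):
    """Yield (offset, char) for each non-shortest-form UTF-8 sequence that
    decodes to an ASCII character. RFC 3629 forbids these encodings."""
    i = 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1):      # 2-byte lead that can only encode U+0000..U+007F
            need, cp = 1, b & 0x1F
        elif b == 0xE0:            # 3-byte lead, overlong if the result is < U+0800
            need, cp = 2, 0
        elif b == 0xF0:            # 4-byte lead, overlong if the result is < U+10000
            need, cp = 3, 0
        else:
            i += 1
            continue
        tail = raw[i + 1:i + 1 + need]
        if len(tail) == need and all(t & 0xC0 == 0x80 for t in tail):
            for t in tail:
                cp = (cp << 6) | (t & 0x3F)
            if cp < 0x80:          # decodes to plain ASCII: not the shortest form
                yield i, chr(cp)
        i += 1

def flag_request(uri: str):
    """Return (byte offset, decoded char) for disguised path characters in a URI."""
    path = uri.split("?", 1)[0]
    raw = unquote_to_bytes(path)   # one round of percent-decoding, as a server would do
    return [(off, ch) for off, ch in overlong_ascii(raw) if ch in SENSITIVE]

# Constructed sample request targets (assumptions, not taken from the advisory).
SAMPLES = [
    "/docs/index.html",
    "/docs/%E0%A4%B9.html",        # valid 3-byte UTF-8, must not be flagged
    "/docs%C0%AFindex.html",       # overlong 2-byte encoding of "/"
    "/docs%C1%9Cindex.html",       # overlong 2-byte encoding of a backslash
    "/docs%E0%80%AFindex.html",    # overlong 3-byte encoding of "/"
]

def scan(samples=SAMPLES):
    """Map each flagged URI to its findings; clean URIs are omitted."""
    return {uri: hits for uri in samples if (hits := flag_request(uri))}

if __name__ == "__main__":
    for uri, hits in scan().items():
        print(uri, hits)
```

The same check belongs before any path validation in a request filter: a path that contains an overlong sequence should be rejected outright rather than normalised and passed on.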

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

IIS

4.0
5.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/436