Info

Disclosure

May 15, 2001

Discovery

Unknown

Dates

Exploit

May 15, 2001

Solution

May 15, 2001

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

OVAL ID: 1018 1051 37 78
CVE ID: 2001-0333 (see also: NVD)
Bugtraq ID: 2708
Metasploit ID: 556
ISS X-Force ID: 6534
CERT: CA-2001-12
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/iis_double_decode
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2
Other Advisory URL: http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Microsoft Security Bulletin: ms01-026

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/556