Microsoft IIS 'Virtual Directory Naming' Vulnerability patchIf a file on one of the affected web server products resides in a virtual directory whose name contains a legal file extension, the normal server-side processing of the file canbe bypassed. The vulner | |
Download |
Microsoft IIS 'Virtual Directory Naming' Vulnerability patch Ranking & Summary
Advertisement
Microsoft IIS 'Virtual Directory Naming' Vulnerability patch Tags
- file extension File Server Audit File Server Report File Server Virtual Server Picopath File Server contact directory server file extension filter Unassociate File Extension File Extension Changer Check File Extension file extension detail file processing affected File Server Capacity server file archiver T-Server log file Virtual Directory Directory Server File to Virtual W3C web server log file custom file extension file server antivirus modify file extension conserve file extension File extension info virtual file web file server http file server web based file server file/document server file name extension ac file server for
Microsoft IIS 'Virtual Directory Naming' Vulnerability patch Description
If a file on one of the affected web server products resides in a virtual directory whose name contains a legal file extension, the normal server-side processing of the file canbe bypassed. The vulnerability would manifest itself in different ways depending on the specific file type requested, the specific file extension in the virtual directory name,and the permissions that the requester has in the directory. In most cases, an error would result and the requested file would not be served. In the worse case, the source code of.ASP or other files could be sent to the browser. This vulnerability would be most likely to occur due to administrator error, or if a product generated an affected virtual directory name by default. (Front Page Server Extensions is one such product).
Microsoft IIS 'Virtual Directory Naming' Vulnerability patch Related Software