Title: Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
Severity: HIGH
Description:
The Far East editions of Microsoft IIS do not properly validate HTTP requests containing double-byte character sets (DBCS) which may lead to the disclosure of files contained within the web root. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6, however it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability.
In the event that IIS Far East edition receives a HTTP request containing a double-byte character in the filename, it will verify for the presence of a lead-byte. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise due to the exclusion of the lead-byte because it will result in the opening of a different file from the one specified.
A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords.
Affected Products:
- Microsoft IIS Far East Edition 4.0 SP5
- Microsoft IIS Far East Edition 5.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
