J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: Microsoft IIS Virtual Directory Naming Vulnerability

Severity: MODERATE

Description:

Server side processing of web pages can be bypassed under a specific set of conditions. If an .asp or similar file resides in a virtual directory whose name ends in a legal extension, the source code of the file may be sent to the client browser.

IIS determines what action to take on a web document by parsing the URL for the filename extension. The first registered extension found in the string is used to make this decision. Therefore, if a request is made for the following file: /webroot/docs.htm/some.asp, and that file exists, IIS will parse the path and find the .htm extension in the virtual directory name docs.htm, determine that no preprocessing is required, and send the unprocessed source of the some.asp file.

Affected Products:

  • Cisco Building Broadband Service Manager 5.0.0
  • Cisco Call Manager 1.0.0
  • Cisco Call Manager 2.0.0
  • Cisco Call Manager 3.0.0
  • Cisco ICS 7750 0.0.0
  • Cisco IP/VC 3540 Video Rate Matching Module 0.0.0
  • Cisco Unity Server 2.0.0
  • Cisco Unity Server 2.2.0
  • Cisco Unity Server 2.3.0
  • Cisco Unity Server 2.4.0
  • Cisco uOne 1.0.0
  • Cisco uOne 2.0.0
  • Cisco uOne 3.0.0
  • Cisco uOne 4.0.0
  • Microsoft BackOffice 4.0.0
  • Microsoft BackOffice 4.5.0
  • Microsoft IIS 4.0.0
  • Microsoft Site Server Commerce Edition 3.0.0 alpha
  • Microsoft Site Server Commerce Edition 3.0.0 i386
  • Microsoft Windows NT 4.0 Option Pack

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.