HTTP: IIS Admin Probe
This signature detects requests for the administrator interface in Microsoft IIS.
Extended Description
Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL (ISM.DLL) is left in the /scripts/iisadmin directory. An attacker may call this DLL via the following syntax: http://www.server.com/scripts/iisadmin/ism.dll?http/dir This URL prompts the user for a username/password to access the remote administration console. Although approved access does not permit the user to commit changes to the IIS server, it may allow them to gather sensitive information about the web server and its configuration.
Short Name
HTTP:IIS:ADMIN-PROBE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Admin CVE-1999-1538 IIS Probe bid:189
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
CVSS Score
2.1