HTTP: IIS ASP.Net Directory Authentication Bypass
This signature detects backslash (\) characters in the URL portion of an HTTP request. Attackers can use a backslash as a directory separator instead of the normal forward slash (/) to bypass the Microsoft IIS ASP.Net authentication capabilities and access protected resources. Note: A poorly configured Web server can also display a backslash in a non-malicious URL request.
Extended Description
Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. An attacker may leverage this issue to bypass authentication required to access files in secured directories.
Affected Products
Microsoft .net_framework
Short Name
HTTP:IIS:ASP-DOT-NET-BACKSLASH
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ASP.Net Authentication Bypass CVE-2004-0847 Directory IIS bid:11342
Release Date
10/14/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Occasionally
Vendors
Microsoft
CVSS Score
7.5