HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2. A successful attack can lead to arbitrary code execution.

Extended Description

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

References

BugTraq: 97127

CVE: CVE-2017-7269

Short Name: HTTP:IIS:CVE-2017-7269-RCE

Severity: Major

Recommended: True

Recommended Action: Drop

Category: HTTP

Keywords: Buffer CVE-2017-7269 IIS Microsoft Overflow ScStoragePathFromUrl WebDAV bid:97127

Release Date: 04/05/2017

Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version: 3415

False Positive: Unknown

CVSS Score: 10.0
