HTTP: Microsoft IIS Multiple Extensions Security Bypass
This signature detects attempts to exploit a known vulnerability against Microsoft IIS Web Servers. Attackers can bypass certain security restrictions and compromise a vulnerable system. Note: In it's default configuration Microsoft Internet Information Server is not vulnerable to this issue. Administrators must have insecurely configured the system in order to be exploited.
Extended Description
Microsoft IIS is prone to a security-bypass vulnerability. This vulnerability may cause IIS to interpret unexpected files as CGI applications. Attackers may be able to exploit this vulnerability to bypass intended security restrictions. UPDATE (December 25, 2009): Reports indicate that IIS 7.5 is not vulnerable to this issue. Furthermore, it is currently unknown whether IIS 7.0 is vulnerable. UPDATE (December 29, 2009): Reports indicate that IIS 5.0 SP1 under Windows XP SP 3 and IIS 7.0 under Windows Server 2008 are not affected. NOTE: This BID is being retired. For an exploit to succeed, IIS must be configured in a nondefault way and contrary to the vendor's recommended best practices.
Affected Products
Microsoft iis
Short Name
HTTP:IIS:IIS-EXT-BYPASS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Bypass CVE-2009-4444 Extensions IIS Microsoft Multiple Security bid:37460
Release Date
12/28/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.0