HTTP: Microsoft IIS Hit Highlighting Authentication Bypass Vulnerability
This signature detects attempts to exploit a known vulnerability against Internet Information Server (IIS). Attackers can exploit this issue to access private files hosted on an IIS Web site. Successful exploits can allow attackers to gain access to potentially sensitive information.
Extended Description
Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality. Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible. NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.
Affected Products
Microsoft iis
Short Name
HTTP:IIS:IIS-HILIGHT-BYPASS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Authentication Bypass CVE-2007-2815 Highlighting Hit IIS Microsoft Vulnerability bid:24105
Release Date
06/11/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0