HTTP: Authorization Type Negotiate
This signature detects a HTTP client requesting authorization negotiation. A vulnerability exists in Microsoft IIS that can be triggered while performing this type of negotiation. Successful exploitation of this vulnerability can result in denial of service or arbitrary code execution on the IIS server.
Extended Description
The Microsoft Negotiate Security Software Provider (SSP) interface is prone to a remote buffer overflow vulnerability. In most cases, exploitation would result in a denial of service, but arbitrary code execution is possible.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_64-bit_edition_version_2003
Short Name
HTTP:INFO:AUTH-NEGOTIATE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Authorization CVE-2004-0119 Negotiate Type bid:10113
Release Date
04/20/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
7.5