SCAN: IIS Samples Scanning
This signature detects a web scan in the directory /scripts/samples/search/. On Microsoft Internet Information Services web servers, this directory often contains vulnerable scripts.
Extended Description
Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow arbitrary code to run on the host in the Local System context. Note that Index Server and Indexing Service do not need to be running for an attacker to exploit this issue. Since 'idq.dll' is installed by default when IIS is installed, IIS would need to be the only service running. Note also that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all products that run affected versions of IIS are also vulnerable. **UPDATE**: An aggressive worm that actively exploits this vulnerability is believed to be in the wild.
Affected Products
Cisco ip/vc_3540_application_server,Cisco call_manager
Short Name
SCAN:MISC:HTTP:IIS-SAMPLES
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
CVE-2001-0500 IIS Samples Scanning bid:2880
Release Date
12/08/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Cisco
Microsoft
CVSS Score
10.0