HTTP.Server.Localhost.Request.Source.Code.Disclosure
Description
Indicates a possible attempt to exploit a source code disclosure vulnerability in Microsoft IIS.
The vulnerability lies in how the 500-100.asp script determines the SERVER_NAME variable. A remote attacker could send a specially crafted HTTP request that spoofs the SERVER_NAME variable and obtain sensitive information, such as parts of the ASP source code, or possibly bypass security restrictions that a Web application bases on the SERVER_NAME variable.
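A log- or proxy-side check for the condition the signature name describes, as an added example (not FortiGuard's signature logic and not Microsoft code): it flags a request that claims a loopback server name while arriving from a non-loopback peer. The function names, sample requests, paths and addresses are constructed, and treating "localhost" and loopback IP literals as the spoofed value is an assumption taken from the signature name.

```python
import ipaddress
from urllib.parse import urlsplit

def is_loopback_name(host: str) -> bool:
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.rstrip(".").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def _hostname(url: str):
    try:
        return urlsplit(url).hostname
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None

def claimed_hosts(raw: bytes) -> list:
    """Server names a request claims: absolute-form target and Host header(s)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    candidates = []
    parts = lines[0].split(" ")
    if len(parts) >= 2 and "://" in parts[1]:
        candidates.append(_hostname(parts[1]))
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            candidates.append(_hostname("//" + value.strip()))
    return [h for h in candidates if h]

def spoofed_loopback(raw: bytes, peer_ip: str) -> bool:
    """Flag a loopback server name claimed by a non-loopback peer."""
    if ipaddress.ip_address(peer_ip).is_loopback:
        return False  # genuine local request
    return any(is_loopback_name(h) for h in claimed_hosts(raw))

# Constructed sample requests (documentation addresses, hypothetical paths).
SAMPLES = [
    (b"GET http://localhost/app/page.asp HTTP/1.0\r\nHost: www.example.com\r\n\r\n", "203.0.113.7"),
    (b"GET /app/page.asp HTTP/1.1\r\nHost: 127.0.0.1:80\r\n\r\n", "198.51.100.9"),
    (b"GET /app/page.asp HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "203.0.113.7"),
    (b"GET /app/page.asp HTTP/1.1\r\nHost: localhost\r\n\r\n", "127.0.0.1"),
]

if __name__ == "__main__":
    for raw, peer in SAMPLES:
        print(peer, raw.split(b"\r\n")[0].decode(), "->", spoofed_loopback(raw, peer))
```

The check needs the true peer address, so behind a reverse proxy it should run on the proxy or use the address the proxy recorded.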
Affected Products
Microsoft Corporation: Microsoft IIS 5.0
Microsoft Corporation: Microsoft IIS 5.1
Microsoft Corporation: Microsoft IIS 6.0
Microsoft Corporation: Windows 2000 Server SP 4
Microsoft Corporation: Windows 2003 Server SP1
Microsoft Corporation: Windows XP Professional SP2
Impact
Stealing cookies, re-directing data or possibly modifying various URLs
Recommended Actions
See Microsoft Support Knowledge Base Article ID 906910: "The custom error page 500-100.asp may return sensitive information in Internet Information Services 5.0 and in Internet Information Services 5.1" at http://support.microsoft.com/default.aspx?scid=kb;en-us;906910.
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-01-17 | 15.760 | Sig Added |