Intrusion Prevention

MS.IIS.Web.Server.Folder.Traversal.Evasion

Description

This indicates a directory traversal vulnerability in Microsoft Internet Information Services (IIS). It can be exploited by sending a Unicode-encoded URL request to a vulnerable server.
IIS is a powerful web server that provides a highly reliable, manageable, and scalable Web application infrastructure. A vulnerability in IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands on a target system, by passing it URLs that contain special Unicode-encoded characters.
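
The following Python example is added here for illustration and is not the signature's own logic or code from this page. It flags request URLs whose percent-decoded bytes contain overlong UTF-8 encodings of path characters. The page does not list the exact byte sequences, so treating overlong UTF-8 as the encoding in question is an assumption, as are the function names and the constructed sample URLs.

```python
from urllib.parse import unquote_to_bytes

# Characters whose hidden presence changes how a path is resolved.
PATH_CHARS = {"/", "\\", "."}

# Constructed sample URLs (not taken from real traffic or from this page).
SAMPLE_URLS = [
    "/index.html",
    "/docs/caf%C3%A9.html",          # valid 2-byte UTF-8, must not be flagged
    "/docs/..%c0%af../notes.txt",    # overlong 2-byte form of '/'
    "/docs/..%c1%9c../notes.txt",    # overlong 2-byte form of '\'
    "/docs/%e0%80%af/notes.txt",     # overlong 3-byte form of '/'
]

def _is_continuation(byte):
    return 0x80 <= byte <= 0xBF

def overlong_sequences(url):
    """Return (offset, hex, decoded_char) for each overlong UTF-8 sequence
    found after ONE pass of percent-decoding."""
    raw = unquote_to_bytes(url)
    hits, i = [], 0
    while i < len(raw):
        lead, rest = raw[i], raw[i + 1:i + 3]
        if lead in (0xC0, 0xC1) and rest and _is_continuation(rest[0]):
            # 2-byte lead 0xC0/0xC1 can only encode code points below 0x80.
            cp, size = ((lead & 0x1F) << 6) | (rest[0] & 0x3F), 2
        elif (lead == 0xE0 and len(rest) == 2
              and 0x80 <= rest[0] <= 0x9F and _is_continuation(rest[1])):
            # 3-byte lead 0xE0 followed by 0x80-0x9F encodes below 0x800.
            cp, size = ((rest[0] & 0x3F) << 6) | (rest[1] & 0x3F), 3
        else:
            i += 1
            continue
        hits.append((i, raw[i:i + size].hex(), chr(cp)))
        i += size
    return hits

def is_traversal_evasion(url):
    """True when an overlong sequence decodes to a path-significant character."""
    return any(ch in PATH_CHARS for _, _, ch in overlong_sequences(url))

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        verdict = "FLAG" if is_traversal_evasion(url) else "ok"
        print(f"{verdict:4} {url} {overlong_sequences(url)}")
```

The check decodes percent-escapes once, so a deployment that sits in front of components which decode more than once would need to repeat the pass until the URL stops changing.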

Affected Products

Any unpatched Microsoft IIS 4.0 or 5.0 server is vulnerable to the attack.

Impact

Attackers can gain access to files on the victim system, and even execute arbitrary commands.

Recommended Actions

Apply the patch from Microsoft Security Bulletin MS00-057. Customers who have applied the patch are already protected against the vulnerability and do not need to take additional action.

CVE References

CVE-2000-0884