MS.IIS.UNC.Mapped.Virtual.Host.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an information-disclosure vulnerability in Microsoft IIS.
The vulnerability is caused by an error when the vulnerable software handles a backward slash "\" appended to an ASP in an HTTP request. As a result, a remote attacker can read the source code of the ASP file by sending a crafted HTTP request.

affected-products-logoAffected Products

Microsoft Site Server Commerce Edition 3.0 i386
Microsoft Site Server Commerce Edition 3.0 alpha
Microsoft Proxy Server 2.0
Microsoft IIS 5.0
Microsoft IIS 4.0 alpha
Microsoft IIS 4.0
Microsoft Commercial Internet System 2.5
Microsoft Commercial Internet System 2.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/MS00-019.mspx

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)