PT-2002-2440 · Microsoft · Internet Information Server+1

Publicado

2002-12-31

Atualizado

2020-12-09

CVE-2002-1718

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Server (IIS) version 5.1

Description The issue allows remote attackers to view the contents of a Frontpage Server Extension (FPSE) file. This can be achieved by sending an HTTP request for colegal.htm that contains .. (dot dot) sequences.

Recommendations For Microsoft Internet Information Server (IIS) version 5.1, consider restricting access to FPSE files until a patch is available. As a temporary workaround, avoid using the .. (dot dot) sequences in HTTP requests for colegal.htm. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2002-1718

Produtos afetados

Frontpage Server Extensions

Internet Information Server

PT-2002-2440 · Microsoft · Internet Information Server+1

CVE-2002-1718

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6