HTTP_ISS$DATA

 

Code: p87

Severity: Notice

 

Description: Microsoft's Internet Information Server (IIS) contains a vulnerability in how it handles the multiple data streams that NTFS provides for each file. By appending the string ::$DATA to a request, a remote user could view the contents of a file that would normally be processed by an Application Mapping, such as Active Server Pages (ASP). The attacker must, however, already have read access to the file in order to view its contents.

Impact: Microsoft IIS versions earlier than 3.0.??

Corrective: Users of IIS versions earlier than 3.0 should upgrade to a more recent version (3.0 or 4.0). The following hotfixes have been made available for IIS 3.0 and 4.0:

- IIS 3.0 (Intel x86) hotfix, /iis3-datafix/iis3fixi.exe
- IIS 3.0 (Alpha) hotfix, /iis3-datafix/iis3fixa.exe
- IIS 4.0 (Intel x86) hotfix, /iis4-datafix/iis4fixi.exe
- IIS 4.0 (Alpha) hotfix, /iis4-datafix/iis4fixa.exe
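
The check below is an added example, not part of the original signature entry: it scans web server access logs for requests whose path carries the ::$DATA suffix described above, including percent-encoded and mixed-case forms. It assumes Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')
STREAM_SUFFIX = "::$data"  # compared case-insensitively


def decode_path(uri, max_rounds=3):
    """Return the path part of the URI, percent-decoded until stable."""
    path = uri.split("?", 1)[0]  # the query string is not a file name
    for _ in range(max_rounds):  # bounded, so nested encoding cannot loop
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def requests_data_stream(uri):
    """True if any path segment ends with ::$DATA in any letter case."""
    path = decode_path(uri).lower()
    return any(seg.endswith(STREAM_SUFFIX) for seg in path.split("/"))


def scan(lines):
    """Return (line number, raw URI) for every request that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and requests_data_stream(match.group("uri")):
            hits.append((number, match.group("uri")))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/1999:10:00:00 +0000] "GET /default.asp HTTP/1.0" 200 1043',
    '192.0.2.11 - - [01/Jan/1999:10:00:05 +0000] "GET /default.asp::$DATA HTTP/1.0" 200 2210',
    '192.0.2.11 - - [01/Jan/1999:10:00:09 +0000] "GET /app/login.asp%3A%3A%24data HTTP/1.0" 200 987',
    '192.0.2.12 - - [01/Jan/1999:10:01:00 +0000] "GET /search.asp?q=::$DATA HTTP/1.0" 200 512',
    '192.0.2.13 - - [01/Jan/1999:10:02:00 +0000] "GET /a.asp%253a%253a%2524DATA HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for number, uri in scan(SAMPLE_LOG):
        print(f"line {number}: request for alternate data stream: {uri}")
```

Double-encoded requests are flagged conservatively, whether or not the server would decode them the same way. A hit with a 200 status on an unpatched server is worth reviewing for exposed script source.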