GEN:SID | 1:975 |
Message | WEB-IIS Alternate Data streams ASP file access attempt |
Summary | This event is generated when an attempt is made to access an Active Server Page (ASP) .asp file to disclose its contents.
|
Impact | Intelligence gathering activity. A vulnerability exists that discloses the .asp file contents when the file name is appended with "::$DATA".
|
Detailed Information | Microsoft Internet Information Service (IIS) uses Active Server Page to supply HTML and server-side scripting. ASP files use a .asp extension. When the file name is appended with "::$DATA", the contents of the file are disclosed instead of executing the .asp file.
|
Affected Systems | Hosts running IIS 3.0, IIS 4.0
|
Attack Scenarios | An attacker can attempt to reference a .asp file appended with "::$DATA" to see the contents of the file. Sensitive information may by disclosed depending on the selected file.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to a more current version of IIS. |
Additional References | Microsoft http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188806
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0278
Bugtraq http://www.securityfocus.com/bid/149
Nessus http://cgi.nessus.org/plugins/dump.php3?id=10362
|
Rule References | bugtraq: 149
cve: 1999-0278
nessus: 10362
url: support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806
|