GEN:SID | 1:939 |
Message | WEB-FRONTPAGE posting |
Summary | This event is generated when an attempt is made to use a Frontpage client to connect and/or publish content to a Frontpage Server Extensions-enabled IIS web server.
|
Impact | An attacker can modify your web content, access privileged files or modify other users' privileges on the Frontpage-enabled virtual host.
|
Detailed Information | Microsoft Frontpage is a web-content managing and publishing application, which also comes with server extensions for Microsoft IIS and Apache web servers. The extensions enable the servers to display dynamic content, as well as perform certain levels of web-server administration.
|
Affected Systems | All systems running FPSE on IIS.
|
Attack Scenarios | An attacker can gain the FPSE username and password via sniffing, social engineering or brute force guessing. After successfully logging on to the system, the attacker can alter web contents, modify login information for other users and generally control the web server.
|
Ease of Attack | After gaining the login credentials the attack is trivial.
|
Corrective Action | Disable FPSE if it is not needed for web-content management.
|
Additional References | eEye Digital Security: http://www.eeye.com/html/research/advisories/AD20001222.html
|
Rule References | nessus: 10585
cve: 2001-0096
bugtraq: 2144
url: www.microsoft.com/technet/security/bulletin/MS00-100.mspx
|