GEN:SID 1:939
Message WEB-FRONTPAGE posting
Summary This event is generated when an attempt is made to use a Frontpage
client to connect and/or publish content to a Frontpage Server
Extensions-enabled IIS web server.
Impact An attacker can modify your web content, access privileged files or
modify other users' privileges on the Frontpage-enabled virtual host.
Detailed Information Microsoft Frontpage is a web-content managing and publishing
application, which also comes with server extensions for Microsoft IIS
and Apache web servers. The extensions enable the servers to display
dynamic content, as well as perform certain levels of web-server
administration.
Affected Systems All systems running FPSE on IIS.
Attack Scenarios An attacker can gain the FPSE username and password via sniffing, social
engineering or brute force guessing. After successfully logging on to
the system, the attacker can alter web contents, modify login
information for other users and generally control the web server.
Ease of Attack After gaining the login credentials the attack is trivial.
Corrective Action Disable FPSE if it is not needed for web-content management.
Additional References eEye Digital Security:
http://www.eeye.com/html/research/advisories/AD20001222.html
Rule References nessus: 10585
cve: 2001-0096
bugtraq: 2144
url: www.microsoft.com/technet/security/bulletin/MS00-100.mspx