OSVDB ID: 1210

Title: Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access

Info

Disclosure

Jan 27, 2000

Discovery

Unknown

Dates

Exploit

Jan 27, 2000

Solution

Unknown

Description

Microsoft IIS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the webhits.dll library not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "CiWebHitsFile" variable. By supplying a crafted request to an htw script, it is possible to read arbitrary files on the system.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	IIS	4.0
		5.0
	Index Server	2.0

References

CVE ID: 2000-0097 (see also: NVD)
Microsoft Knowledge Base Article: 251170 328832
ISS X-Force ID: 3884
Bugtraq ID: 950
Keyword: aka the "Malformed Hit-Highlighting Argument" vulnerability. Directory Traversal
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0313.html
http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0066.html
Other Advisory URL: http://www.atstake.com/research/advisories/2000/adviishtw.html
Microsoft Security Bulletin: MS00-006

Credit

David Litchfield - davidngssoftware.com - NGSSoftware

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

IIS

Index Server

References

Credit