MS.IIS.Web.Server.Directory.Traversal

description-logoDescription

This indicates a directory traversal vulnerability in Microsoft Internet Information Service (IIS). It can be exploited by sending a unicode encoded URL request to a vulnerable server.
IIS is a powerful web server that provides a highly reliable, manageable, and scalable Web application infrastructure. There is a vulnerability in IIS 4.0 and 5.0 that allows remote attackers to read documents outside of the web root and possibly execute arbitrary commands on a target system by passing it URLs that contain special unicode encoded characters.

affected-products-logoAffected Products

Any unpatched Microsoft IIS 4.0 or 5.0 server is vulnerable to the attack.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the patch from Microsoft Security Bulletin MS00-057. Customers who have applied the patch are already protected against the vulnerability and do not need to take additional action.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-01-10 22.472 Name:MS.
IIS.
Web.
Server.
Folder.
Traversal:MS.
IIS.
Web.
Server.
Directory.
Traversal
2019-04-09 14.589 Default_action:pass:drop
2018-09-26 13.458 Sig Added