MS.IIS.Web.Server.Directory.Traversal
Description
This indicates a directory traversal vulnerability in Microsoft Internet Information Service (IIS). It can be exploited by sending a unicode encoded URL request to a vulnerable server.
IIS is a powerful web server that provides a highly reliable, manageable, and scalable Web application infrastructure. There is a vulnerability in IIS 4.0 and 5.0 that allows remote attackers to read documents outside of the web root and possibly execute arbitrary commands on a target system by passing it URLs that contain special unicode encoded characters.
Affected Products
Any unpatched Microsoft IIS 4.0 or 5.0 server is vulnerable to the attack.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the patch from Microsoft Security Bulletin MS00-057. Customers who have applied the patch are already protected against the vulnerability and do not need to take additional action.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2023-01-10 | 22.472 | Name:MS. IIS. Web. Server. Folder. Traversal:MS. IIS. Web. Server. Directory. Traversal |
2019-04-09 | 14.589 | Default_action:pass:drop |
2018-09-26 | 13.458 | Sig Added |