Intrusion Prevention

HTTP.Server.Localhost.Request.Source.Code.Disclosure

Description

This indicates a possible exploit of a source code disclosure vulnerability in Microsoft IIS.
Microsoft IIS has a vulnerability in how the 500-100.asp script determines the SERVER_NAME variable. A remote attacker could send a specially crafted HTTP request to spoof the SERVER_NAME variable and obtain sensitive information, such as parts of the ASP source code, or possibly bypass security restrictions that the Web application bases on the SERVER_NAME variable.

Affected Products

Microsoft Corporation: Microsoft IIS 5.0
Microsoft Corporation: Microsoft IIS 5.1
Microsoft Corporation: Microsoft IIS 6.0
Microsoft Corporation: Windows 2000 Server SP 4
Microsoft Corporation: Windows 2003 Server SP1
Microsoft Corporation: Windows XP Professional SP2

Impact

Stealing cookies, re-directing data or possibly modifying various URLs

Recommended Actions

See Microsoft Support Knowledge Base Article ID 906910: "The custom error page 500-100.asp may return sensitive information in Internet Information Services 5.0 and in Internet Information Services 5.1" at http://support.microsoft.com/default.aspx?scid=kb;en-us;906910.
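
For application code that bases a restriction on SERVER_NAME, the sketch below contrasts that pattern with a check on the connection's peer address. It is an added example, not code from Microsoft or from this signature; the function names, the dictionary of CGI-style server variables and the sample requests are constructed for illustration.

```python
import ipaddress

def naive_is_local(server_vars):
    # Pattern the description warns about: the decision rests on SERVER_NAME,
    # which the page says a crafted request can spoof.
    return server_vars.get("SERVER_NAME", "").lower() in ("localhost", "127.0.0.1")

def peer_is_local(server_vars):
    """Decide 'local' from REMOTE_ADDR, the TCP peer address of the connection."""
    try:
        addr = ipaddress.ip_address(server_vars.get("REMOTE_ADDR", ""))
    except ValueError:
        return False  # missing or malformed address: fail closed
    # Treat an IPv4-mapped IPv6 peer (::ffff:127.0.0.1) as its IPv4 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback

def render_error(server_vars, detail):
    # Detailed error text (script path, source line) only for a real local peer.
    if peer_is_local(server_vars):
        return "500 Internal Server Error\n" + detail
    return "500 Internal Server Error"

# Constructed sample requests (addresses from documentation ranges).
SPOOFED = {"SERVER_NAME": "localhost", "REMOTE_ADDR": "203.0.113.7"}
CONSOLE = {"SERVER_NAME": "www.example.test", "REMOTE_ADDR": "127.0.0.1"}

if __name__ == "__main__":
    for name, req in (("spoofed", SPOOFED), ("console", CONSOLE)):
        print(name, naive_is_local(req), peer_is_local(req))
```
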

CVE References

CVE-2005-2678