Rapid7 Vulnerability & Exploit Database

Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 12/19/2000
Created: 07/25/2018
Added: 11/01/2004
Modified: 03/21/2018

Description

Microsoft IIS 4.0 and 5.0 are both vulnerable to double-dot ("../") directory traversal when extended Unicode character representations are substituted for "/" and "\".

Unauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default. Therefore, any file that is accessible to these groups and resides on the same logical drive as any web-accessible file can be deleted, modified, or executed. Successful exploitation gives a remote user possessing no credentials whatsoever the same privileges as a user who could successfully log on to the system.

It has been discovered that a Windows 98 host running Microsoft Personal Web Server is also subject to this vulnerability. (March 18, 2001)
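The following detection sketch is an added example, not part of the Rapid7 entry or any Microsoft code. It assumes the "extended Unicode representations" are well-formed overlong UTF-8 encodings of "/", "\" and ".", and flags request paths (constructed samples, hypothetical function names) in which such an encoding yields a ".." path segment once canonicalized.

```python
import re
from urllib.parse import unquote_to_bytes

# ASCII characters that matter for path traversal.
PATH_CHARS = {0x2F: "/", 0x5C: "\\", 0x2E: "."}

def _cont(b):
    """True for a UTF-8 continuation byte (10xxxxxx)."""
    return 0x80 <= b <= 0xBF

def analyze(uri_path):
    """Report overlong UTF-8 encodings of / \\ . in a percent-encoded path."""
    raw = unquote_to_bytes(uri_path)
    canon, hits, i = bytearray(), [], 0
    while i < len(raw):
        b0, rest, cp, width = raw[i], raw[i + 1:i + 3], None, 0
        # Lead bytes C0/C1 can only begin an overlong 2-byte form of ASCII.
        if b0 in (0xC0, 0xC1) and rest and _cont(rest[0]):
            cp, width = ((b0 & 0x1F) << 6) | (rest[0] & 0x3F), 2
        # E0 followed by 80..9F is the overlong 3-byte form.
        elif b0 == 0xE0 and len(rest) == 2 and 0x80 <= rest[0] <= 0x9F and _cont(rest[1]):
            cp, width = ((rest[0] & 0x3F) << 6) | (rest[1] & 0x3F), 3
        if width and cp in PATH_CHARS:
            hits.append((i, raw[i:i + width].hex(), PATH_CHARS[cp]))
            canon.append(cp)          # substitute the ASCII character it stands for
            i += width
        else:
            canon.append(b0)          # ordinary byte, including legitimate UTF-8
            i += 1
    segments = re.split(rb"[/\\]", bytes(canon))
    return {"hits": hits, "canonical": bytes(canon),
            "traversal": bool(hits) and b".." in segments}

# Constructed sample request paths, not taken from real logs.
SAMPLE_PATHS = [
    "/images/logo.gif",
    "/caf%c3%a9/menu.html",                  # valid UTF-8, must not be flagged
    "/docs/..%c0%af../private/notes.txt",
    "/a/..%c1%9c..%c1%9cb",
    "/x/%c0%ae%c0%ae/y",
]

def flagged(paths):
    """Return the paths whose overlong encodings produce a '..' segment."""
    return [p for p in paths if analyze(p)["traversal"]]

if __name__ == "__main__":
    for p in flagged(SAMPLE_PATHS):
        print(p, analyze(p)["hits"])
```

Bytes 0xC0 and 0xC1 never occur in valid UTF-8, so any hit is worth alerting on even when no ".." segment results.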

Solution(s)

  • install-microsoft-patch-703d995110add923d90fffc3b76f32f4
  • install-microsoft-patch-d27cb715979ea613c36ee66d5d5e1a72
