Rapid7 Vulnerability & Exploit Database

NT Index Server Directory Traversal Vulnerability

Back to Search

NT Index Server Directory Traversal Vulnerability

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
01/26/2000
Created
07/25/2018
Added
11/01/2004
Modified
07/31/2012

Description

Index Server 2.0 is a utility included in the NT 4.0 Option Pack. The functionality provided by Index Server has been built into Windows 2000 as Indexing Services.

When combined with IIS, Index Server and Indexing Services include the ability to view web search results in their original context. It will generate an HTML page showing the query terms in a short excerpt of the surrounding text for each page returned, along with a link to that page. This is known as Hit Highlighting. To do this, it supports the .htw filetype which is handled by the webhits.dll ISAPI application. This dll will allow the use of the '../' directory traversal string in the selection of a template file. This will allow for remote, unauthenticated viewing of any file on the system whose location is known by the attacker.

The original patch released for this issue still discloses 'include' file types. 'include' files contain various data (parameters or code) which assist in the execution of program files.

Solution(s)

  • http-iis-0030

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;