Rapid7 Vulnerability & Exploit Database

Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability

Back to Search

Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
01/30/1999
Created
07/25/2018
Added
11/01/2004
Modified
07/31/2012

Description

Microsoft Site Server is an intranet server designed for an NT Server with IIS. Site Server enables users to locate and view information stored in various locations through personalized web pages and emails.

The Users directory, if not already created, is automatically generated once the first successful upload has been completed. By default the Everyone group is given NTFS Change privileges in the Users directory. As well, Scripting and Write permissions are assigned by IIS. Due to all of these factors, it is possible for a user to create and upload various content including ASP pages to the web server through the Anonymous Internet Account (IUSR_machinename).

If one does not have knowledge of a password to access the services in Site Server, a user could telnet to port 80 on the web server and perform a specially crafted PUT request. Once the file is created performing a specially formed GET request will execute the file.

Successful exploitation of this vulnerability will allow a remote user to possibly upload malicious content to the web site.

Solution(s)

  • http-iis-0051

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;