Tref, Thank You!!! I just got back into my office and read my email, and the first URL you reference was the one I was remembering. The similiar vulnerablility you reference I was NOT aware of, but I will be taking steps to check out our servers today.
Celeste -----Original Message----- From: Gare, Tref [mailto:[EMAIL PROTECTED]] Sent: Sunday, June 02, 2002 7:18 PM To: [EMAIL PROTECTED] Subject: Re: IIS 5.0 and Passing Parameters via the URL (URL rewriting) Hi Celeste I believe it's the buffer overrun vulnerabilities you're speaking of. I found some info using the following query in google = buffer overrun IIS query string.. http://www.atstake.com/research/advisories/2000/a120400-1.txt and MS response/patch http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/ms00-094.asp another similar vulnerability http://www.legend.net.uk/scripts/nntp/article.php/legend.support/2873.html MS patch http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS01-033.asp Regards Tref > -----Original Message----- > From: Haseltine, Celeste [SMTP:[EMAIL PROTECTED]] > Sent: Saturday,1 June 2002 12:55 > To: [EMAIL PROTECTED] > Subject: IIS 5.0 and Passing Parameters via the URL (URL rewriting) > > Back towards the end of 2001, I remember attending a free evening seminar > in > the Dallas, TX area, where an individual demonstrated exposing a security > "hole" in IIS. I cannot remember what info he passed via a URL string in > his browser, but the result was that he was able to "get into" or "view" > the > directory structure of the wwwroot directory under the Windows Inetpub > directory. For those of use who use Windows servers with JSP/Servlet > servers such as JRUN, someone could gain direct access to your web pages > and > thereby change your web site using the technique he demonstrated. The > gist > of his demonstration was that you should never use URL rewriting, > particularly on a Windows server, unless you absolutely have to. He also > mentioned some steps to take to prevent someone from accessing your > server's > directory structure via the technique he used in his demonstration. > > I cannot find any articles via Google.com that discuss this potential > security breach in IIS. Does this ring a bell with anyone in the user > community? If so, does anyone know where this information is documented, > which would also detail how to "block" someone from entering an IIS > directory structure as this individual demonstrated? > > Any insight/info regarding this subject would be appreciated. > > Celeste > > ========================================================================== > = > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff > JSP-INTEREST". > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST > DIGEST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://archives.java.sun.com/jsp-interest.html > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.jsp > http://www.jguru.com/faq/index.jsp > http://www.jspinsider.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
