Vendor: URLScan and RSA Security SecurID
By: SecurityFocus
CVSS: 6.4 (MEDIUM)
Enumeration of Microsoft URLScan extension filtering list
CWE: 200
Product Name: URLScan and RSA Security SecurID
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Weakness in Microsoft URLScan and RSA Security SecurID

A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list. When the vulnerable configuration is in place, an attacker may be capable of enumerating the Microsoft URLScan extension filtering list by making repeated requests to files with differing extensions. The enumeration of this type of information could potentially aid an attacker when launching further attacks against the target web server.

Mitigation:

Ensure that Microsoft URLScan and RSA Security SecurID are placed in the correct order within the global ISAPI filter list.
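
For detection, the repeated requests to files with differing extensions described above appear in the web server log as a single client touching an unusually wide set of extensions. The following is an added example, not part of the original advisory: it assumes IIS W3C extended logs that carry `c-ip` and `cs-uri-stem` fields, and the sample lines, function names and threshold of 5 are constructed for illustration.

```python
import posixpath
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2002-01-01 10:00:01 192.0.2.10 GET /index.html 200
2002-01-01 10:00:02 192.0.2.10 GET /logo.gif 200
2002-01-01 10:00:03 192.0.2.10 GET /style.css 200
2002-01-01 10:00:04 192.0.2.10 GET /index.html 200
2002-01-01 10:01:00 198.51.100.7 GET /x.asp 404
2002-01-01 10:01:01 198.51.100.7 GET /x.bak 404
2002-01-01 10:01:02 198.51.100.7 GET /x.cgi 404
2002-01-01 10:01:03 198.51.100.7 GET /x.exe 404
2002-01-01 10:01:04 198.51.100.7 GET /x.ini 404
2002-01-01 10:01:05 198.51.100.7 GET /x.log 404
"""

def distinct_extensions_by_client(log_text):
    """Map each client IP to the set of file extensions it requested."""
    fields = []
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout can change mid-file; always use the latest directive.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        ext = posixpath.splitext(row.get("cs-uri-stem", ""))[1].lower()
        if ext and "c-ip" in row:
            seen[row["c-ip"]].add(ext)
    return seen

def flag_extension_probing(log_text, min_distinct=5):
    """Return clients that requested at least min_distinct different extensions."""
    return {
        ip: sorted(exts)
        for ip, exts in distinct_extensions_by_client(log_text).items()
        if len(exts) >= min_distinct
    }

if __name__ == "__main__":
    for ip, exts in flag_extension_probing(SAMPLE_LOG).items():
        print(ip, "requested", len(exts), "distinct extensions:", ", ".join(exts))
```

The threshold needs tuning against normal traffic for the site, since a legitimate client of a content-heavy application can touch several extensions in one session.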
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8419/info

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23034.tar.gz