IIS XSS Via 404 Error Network Vulnerability

Summary

This IIS Server appears to vulnerable to one of the cross site scripting attacks described in MS02-018. The default '404' file returned by IIS uses scripting to output a link to top level domain part of the url requested. By crafting a particular URL it is possible to insert arbitrary script into the page for execution. The presence of this vulnerability also indicates that you are vulnerable to the other issues identified in MS02-018 (various remote buffer overflow and cross site scripting attacks...)

References

http://jscript.dk/adv/TL001/
http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-0148, CVE-2002-0150
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ATutor password reminder SQL injection
Apache Struts ClassLoader Manipulation Vulnerabilities
Artmedic Kleinanzeigen File Inclusion Vulnerability
Apache Axis2 Document Type Declaration Processing Security Vulnerability
AjaxPortal 'di.php' File Inclusion Vulnerability

IIS XSS via 404 error

Take action and discover your vulnerabilities