Microsoft IIS Authentication Bypass And Source Code Disclosure Vulnerabilities Network Vulnerability

Summary

Microsoft IIS is prone to an authentication-bypass vulnerability and a source-code disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to gain unauthorized access to password-protected resources and view the source code of files in the context of the server process this may aid in further attacks. Microsoft IIS 6.0 and 7.5 are vulnerable other versions may also be affected.

References

http://www.microsoft.com/windowsserver2003/iis/default.mspx
http://www.securityfocus.com/bid/53906

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
HServer Webserver Multiple Directory Traversal Vulnerabilities
CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
Herberlin Bremsserver Directory Traversal Vulnerability

Microsoft IIS Authentication Bypass and Source Code Disclosure Vulnerabilities

Take action and discover your vulnerabilities