Follow:

Policy:Win/IIS.FastCGI.RCE!CVE-2010-2730

Severity rating
Important

Class/Type
Policy

Discovered date
2010-09-14T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in the way that the IIS handles request headers to IIS servers with FastCGI enabled.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



Technical details (analysis)

FastCGI for IIS enables popular application frameworks that support the FastCGI protocol to be hosted on the IIS web server in a high-performance and reliable way. This vulnerability is caused by the way Internet Information Services with FastCGI enabled handles request headers. An attacker could exploit this vulnerability by creating a specially crafted HTTP request.



Affected software

Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Policy:Win/IIS.FastCGI.RCE!CVE-2010-2730
Release Date: 2010-09-14T00:00:00



Known false positives

This signature can cause false positives if you are not running any of the affected software versions or if you've already applied the patch.



Work-arounds

Disable FastCGI
Install the UrlRewrite module