
Vulnerability:Win/IIS.URL.PE!CVE-2010-2731

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2010-09-14T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium







Description

An elevation of privilege vulnerability exists in Internet Information Services (IIS). An attacker who successfully exploited this vulnerability could bypass the need to authenticate to access restricted resources.



Impact

An attacker could use this vulnerability to bypass directory-based basic authentication and to access and execute resources that should require authentication.



Technical details (analysis)

This is an elevation of privilege vulnerability. By sending a specially crafted request to a URL that requires authentication, an attacker could bypass authentication and execute ASP scripts to which the attacker should not have access.



Affected software

Windows XP Service Pack 3



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Vulnerability:Win/IIS.URL.PE!CVE-2010-2731
Release Date: 2010-09-14T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Install and use URLScan.