Microsoft URLScan 2.5/RSA Security SecurID 5.0 – Configuration Enumeration

24次阅读
没有评论

Microsoft URLScan 2.5/RSA Security SecurID 5.0 – Configuration Enumeration

漏洞ID 1054099 漏洞类型
发布时间 2003-08-14 更新时间 2003-08-14
Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration EnumerationCVE编号 N/A
Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration EnumerationCNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23034
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8419/info

A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list.

When the vulnerable configuration is in place, an attacker may be capable of enumerating the Microsoft URLScan extension filtering list by making repeated requests to files with differing extensions.

The enumeration of this type of information could potentially aid an attacker when launching further attacks against the target web server.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23034.tar.gz

相关推荐: Opera Same Origin Policy Circumvention Vulnerability

Opera Same Origin Policy Circumvention Vulnerability 漏洞ID 1102740 漏洞类型 Access Validation Error 发布时间 2001-11-15 更新时间 2001-11-15 CVE…

正文完
 0