Solved

BID: 54251 Medium (CVSS: 5.0) NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability

Posted on 2013-01-16
1
1,454 Views
Last Modified: 2013-01-22
We have Windows 2008 and 2003 servers sitting behind Barracuda Load Balancers, and the issue is that when running our vulnerability scans it discovers a vulnerability in IIS that exploits the 8.3 naming scheme; tilde character.

Here is the report:

Medium (CVSS: 5.0)
NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability
Product detection result
cpe:/a:microsoft:iis:6.0
Detected by Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.
,!0.900710)
Overview: This host is running Microsoft IIS Webserver and is prone to
information disclosure vulnerability.
Vulnerability Insight:
Microsoft IIS fails to validate a specially crafted GET request containing a
'~' tilde character, which allows to disclose all short-names of folders and
files having 4 letters extensions.
Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information that could aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft Internet Information Services versions 7.5 and prior
Fix: No solution or patch is available as of 18th July, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.iis.net/
References:
http://www.osvdb.org/83771
http://www.exploit-db.com/exploits/19525
http://code.google.com/p/iis-shortname-scanner-poc
http://soroush.secproject.com/downloadable/iis_tilde_shortname_disclosure.txt
http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulne
,!rability_feature.pdf
OID of test routine: 1.3.6.1.4.1.25623.1.0.802887
References
BID:54251

Solutions Tried:
-Disabling the 8.3 naming scheme convention
-checking registry and confirming this was disabled
-then replicating the file system so the 8.3 naming convention takes effect with previous files because when you disable the naming convention it only applies to future files. So I have to copy and paste my web files so it takes place with my current files.

I re scanned and it still finds this vulnerability.. my question is what else can I try besides upgrading my .NET Frame work because this is not an option considering our codebase only works for the .net framework installed which is 2.0 I believe.
0
Comment
Question by:benpal2476
1 Comment
 
LVL 5

Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795509
Try to exploit as it is possible it is a false positive.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now