Solved

BID: 54251 Medium (CVSS: 5.0) NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability

Posted on 2013-01-16
Last Modified: 2013-01-22
We have Windows 2008 and 2003 servers sitting behind Barracuda Load Balancers, and the issue is that when we run our vulnerability scans, they discover a vulnerability in IIS that exploits the 8.3 naming scheme (the tilde character).

Here is the report:

Medium (CVSS: 5.0)
NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability
Product detection result
cpe:/a:microsoft:iis:6.0
Detected by Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900710)
Overview: This host is running Microsoft IIS Webserver and is prone to
information disclosure vulnerability.
Vulnerability Insight:
Microsoft IIS fails to validate a specially crafted GET request containing a
'~' tilde character, which allows to disclose all short-names of folders and
files having 4 letters extensions.
Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information that could aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft Internet Information Services versions 7.5 and prior
Fix: No solution or patch is available as of 18th July, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.iis.net/
References:
http://www.osvdb.org/83771
http://www.exploit-db.com/exploits/19525
http://code.google.com/p/iis-shortname-scanner-poc
http://soroush.secproject.com/downloadable/iis_tilde_shortname_disclosure.txt
http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
OID of test routine: 1.3.6.1.4.1.25623.1.0.802887
References
BID:54251

Solutions Tried:
- Disabling the 8.3 naming scheme convention
- Checking the registry and confirming this was disabled
- Then replicating the file system so the 8.3 naming convention takes effect with previous files, because when you disable the naming convention it only applies to future files. So I have to copy and paste my web files so it takes place with my current files.

I rescanned and it still finds this vulnerability. My question is: what else can I try besides upgrading my .NET Framework? That is not an option, considering our codebase only works with the .NET Framework installed, which is 2.0 I believe.
Question by:benpal2476
Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795509
Try to exploit as it is possible it is a false positive.
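A local way to check whether the remediation steps listed in the question actually took effect, added here as an example that is not part of the original thread: it reads the NTFS registry setting and lists every file or folder under the web root that still carries a generated 8.3 alias. The web root path is an assumption; the script sticks to cmdlets available in PowerShell 2.0.

```powershell
# Added example. Assumed web root; pass the site's real physical path.
param([string]$WebRoot = 'C:\inetpub\wwwroot')

# NtfsDisable8dot3NameCreation only governs names created from now on:
#   0 = short names are created, 1 = creation disabled on all volumes,
#   2 / 3 (Windows Server 2008 R2 and later) = per-volume / all but system volume.
$fsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$mode  = (Get-ItemProperty -Path $fsKey).NtfsDisable8dot3NameCreation
Write-Output "NtfsDisable8dot3NameCreation = $mode"
if ($mode -ne 1) {
    Write-Warning 'Short-name creation is not disabled for every volume.'
}

# Lists items below $Root (the root folder itself is not checked).
function Get-ShortNameLeftover {
    param([string]$Root)
    $fso = New-Object -ComObject Scripting.FileSystemObject
    Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
        if ($_.PSIsContainer) { $short = $fso.GetFolder($_.FullName).ShortName }
        else                  { $short = $fso.GetFile($_.FullName).ShortName }
        # With no stored 8.3 alias, ShortName simply echoes the long name.
        if ($short -ne $_.Name) {
            New-Object PSObject -Property @{ ShortName = $short; Path = $_.FullName }
        }
    }
}

$left = @(Get-ShortNameLeftover -Root $WebRoot)
Write-Output "$($left.Count) item(s) under $WebRoot still have an 8.3 alias"
$left | Sort-Object Path | Format-Table ShortName, Path -AutoSize
```

Run it on each server behind the load balancer. Any row in the output is a file or folder that kept its short name, typically because it was created before the registry change or restored from a copy made earlier.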