Solved

BID: 54251 Medium (CVSS: 5.0) NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability

Posted on 2013-01-16
1
1,480 Views
Last Modified: 2013-01-22
We have Windows 2008 and 2003 servers sitting behind Barracuda Load Balancers, and the issue is that when running our vulnerability scans it discovers a vulnerability in IIS that exploits the 8.3 naming scheme; tilde character.

Here is the report:

Medium (CVSS: 5.0)
NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability
Product detection result
cpe:/a:microsoft:iis:6.0
Detected by Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.
,!0.900710)
Overview: This host is running Microsoft IIS Webserver and is prone to
information disclosure vulnerability.
Vulnerability Insight:
Microsoft IIS fails to validate a specially crafted GET request containing a
'~' tilde character, which allows to disclose all short-names of folders and
files having 4 letters extensions.
Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information that could aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft Internet Information Services versions 7.5 and prior
Fix: No solution or patch is available as of 18th July, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.iis.net/
References:
http://www.osvdb.org/83771
http://www.exploit-db.com/exploits/19525
http://code.google.com/p/iis-shortname-scanner-poc
http://soroush.secproject.com/downloadable/iis_tilde_shortname_disclosure.txt
http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulne
,!rability_feature.pdf
OID of test routine: 1.3.6.1.4.1.25623.1.0.802887
References
BID:54251

Solutions Tried:
-Disabling the 8.3 naming scheme convention
-checking registry and confirming this was disabled
-then replicating the file system so the 8.3 naming convention takes effect with previous files because when you disable the naming convention it only applies to future files. So I have to copy and paste my web files so it takes place with my current files.

I re scanned and it still finds this vulnerability.. my question is what else can I try besides upgrading my .NET Frame work because this is not an option considering our codebase only works for the .net framework installed which is 2.0 I believe.
0
Comment
Question by:benpal2476
1 Comment
 
LVL 5

Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795509
Try to exploit as it is possible it is a false positive.
0

Featured Post

The New “Normal” in Modern Enterprise Operations

DevOps for the modern enterprise offers many benefits — increased agility, productivity, and more, but digital transformation isn’t easy, especially if you’re not addressing the right issues. Register for the webinar to dive into the “new normal” for enterprise modern ops.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question