Solved

BID: 54251 Medium (CVSS: 5.0) NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability

Posted on 2013-01-16
1
1,473 Views
Last Modified: 2013-01-22
We have Windows 2008 and 2003 servers sitting behind Barracuda Load Balancers, and the issue is that when running our vulnerability scans it discovers a vulnerability in IIS that exploits the 8.3 naming scheme; tilde character.

Here is the report:

Medium (CVSS: 5.0)
NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability
Product detection result
cpe:/a:microsoft:iis:6.0
Detected by Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.
,!0.900710)
Overview: This host is running Microsoft IIS Webserver and is prone to
information disclosure vulnerability.
Vulnerability Insight:
Microsoft IIS fails to validate a specially crafted GET request containing a
'~' tilde character, which allows to disclose all short-names of folders and
files having 4 letters extensions.
Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information that could aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft Internet Information Services versions 7.5 and prior
Fix: No solution or patch is available as of 18th July, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.iis.net/
References:
http://www.osvdb.org/83771
http://www.exploit-db.com/exploits/19525
http://code.google.com/p/iis-shortname-scanner-poc
http://soroush.secproject.com/downloadable/iis_tilde_shortname_disclosure.txt
http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulne
,!rability_feature.pdf
OID of test routine: 1.3.6.1.4.1.25623.1.0.802887
References
BID:54251

Solutions Tried:
-Disabling the 8.3 naming scheme convention
-checking registry and confirming this was disabled
-then replicating the file system so the 8.3 naming convention takes effect with previous files because when you disable the naming convention it only applies to future files. So I have to copy and paste my web files so it takes place with my current files.

I re scanned and it still finds this vulnerability.. my question is what else can I try besides upgrading my .NET Frame work because this is not an option considering our codebase only works for the .net framework installed which is 2.0 I believe.
0
Comment
Question by:benpal2476
1 Comment
 
LVL 5

Accepted Solution

by:
Coffinated earned 500 total points
ID: 38795509
Try to exploit as it is possible it is a false positive.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
Know what services you can and cannot, should and should not combine on your server.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now