var-200508-0061
Vulnerability from variot

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. Microsoft IIS handles the SERVER_NAME variable incorrectly, so the variable can be changed to an arbitrary value by sending an HTTP request. It is possible to obtain important information in the system. IIS Far East Edition is prone to a remote security vulnerability.



TITLE: Microsoft IIS "SERVER_NAME" Variable Spoofing Vulnerability

SECUNIA ADVISORY ID: SA16548

VERIFY ADVISORY: http://secunia.com/advisories/16548/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE: From remote

SOFTWARE:
Microsoft Internet Information Services (IIS) 5.x http://secunia.com/product/39/
Microsoft Internet Information Services (IIS) 6 http://secunia.com/product/1438/

DESCRIPTION: Inge Henriksen has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to spoof certain information.

The vulnerability is caused due to an error when determining the "SERVER_NAME" variable and can be exploited to spoof it via a specially crafted HTTP request.

Successful exploitation may e.g. disclose parts of an ASP script's source code or make it possible to bypass security checks performed by a web application based on the "SERVER_NAME" variable.

The vulnerability has been confirmed in IIS 5.1 and has also been reported in versions 5.0 and 6.0.

SOLUTION: Don't make assumptions based on the "SERVER_NAME" variable in web applications.

Don't use the default 500-100.asp error page, as it makes assumptions based on the "SERVER_NAME" variable and may return script contents when encountering errors.

PROVIDED AND/OR DISCOVERED BY: Inge Henriksen

ORIGINAL ADVISORY: http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200508-0061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet information services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "89387"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2005-2678",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-2678",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-2678",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2005-2678",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200508-237",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. Microsoft IIS In SERVER_NAME Incorrect handling of variables HTTP A vulnerability exists in which a variable can be changed to an arbitrary value by sending a request.It is possible to obtain important information in the system. IIS Far East Edition is prone to a remote security vulnerability. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft IIS \"SERVER_NAME\" Variable Spoofing Vulnerability\n\nSECUNIA ADVISORY ID:\nSA16548\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/16548/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSpoofing\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMicrosoft Internet Information Services (IIS) 5.x\nhttp://secunia.com/product/39/\nMicrosoft Internet Information Services (IIS) 6\nhttp://secunia.com/product/1438/\n\nDESCRIPTION:\nInge Henriksen has discovered a vulnerability in Microsoft Internet\nInformation Services (IIS), which can be exploited by malicious\npeople to spoof certain information. \n\nThe vulnerability is caused due to an error when determining the\n\"SERVER_NAME\" variable and can be exploited to spoof it via a\nspecially crafted HTTP request. \n\nSuccessful exploitation may e.g. disclose parts of an ASP scripts\u0027\nsource code or make it possible to bypass security checks performed\nby a web application based on the \"SERVER_NAME\" variable. \n\nThe vulnerability has been confirmed in IIS 5.1 and has also been\nreported in versions 5.0 and 6.0. 
\n\nSOLUTION:\nDon\u0027t make assumptions based on the \"SERVER_NAME\" variable in web\napplications. \n\nDon\u0027t use the default 500-100.asp error page, as it makes assumptions\nbased on the \"SERVER_NAME\" variable and may return script contents\nwhen encountering errors. \n\nPROVIDED AND/OR DISCOVERED BY:\nInge Henriksen\n\nORIGINAL ADVISORY:\nhttp://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "BID",
        "id": "89387"
      },
      {
        "db": "PACKETSTORM",
        "id": "39516"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-2678",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "16548",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-1503",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "89387",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "39516",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "PACKETSTORM",
        "id": "39516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "id": "VAR-200508-0061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-23T23:03:39.546000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.microsoft.com/ja/jp/default.aspx"
      },
      {
        "title": "Microsoft IIS Security check bypass vulnerability repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134890"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2005/1503"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/16548"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=112474727903399\u0026w=2"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/16548/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2678"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2005/1503"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2678"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112474727903399\u0026w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/39/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1438/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "89387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "PACKETSTORM",
        "id": "39516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "89387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "db": "PACKETSTORM",
        "id": "39516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-08-23T00:00:00",
        "db": "BID",
        "id": "89387"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "date": "2005-08-23T23:30:33",
        "db": "PACKETSTORM",
        "id": "39516"
      },
      {
        "date": "2005-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "date": "2005-08-23T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-08-23T00:00:00",
        "db": "BID",
        "id": "89387"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      },
      {
        "date": "2020-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      },
      {
        "date": "2024-11-21T00:00:07.913000",
        "db": "NVD",
        "id": "CVE-2005-2678"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft IIS In  SERVER_NAME Variable spoofing vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000494"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200508-237"
      }
    ],
    "trust": 0.6
  }
}

