| VID |
22065 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
Microsoft Index Server could allow a remote attacker to view files on the web server. Microsoft Index Server is a web search engine included in the Windows NT 4.0 Option Pack. A vulnerability in the idq.dll file allows a remote attacker to search outside virtual directories by requesting a specially-crafted URL. Attackers can use this vulnerability to view any file on the web server root drive, if they know or can guess the file name. Attackers can read any files on the target sytem by doing the request :
GET http://target/query.idq?CiTemplate=../../../../../winnt/win.ini
* References:
http://www.iss.net/security_center/static/4232.php
http://www.microsoft.com/technet/security/bulletin/ms00-006.asp |
| Recommendation |
Obtain the patch from Microsoft, as listed in Microsoft Security Bulletin MS00-006. See References. In addition, ensure that your IDQ files restrict user input so that only .HTX files are capable of formatting the output. Some sample files do not sufficiently restrict user input. Sample files should always be removed from production servers. |
| Related URL |
CVE-2000-0126 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
