| VID |
22204 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The iisPROTECT has a Authentication Bypassing vulnerability.
The iisPROTECT is a Web-base user authentication program that is used to password protect Web contents for Microsoft Windows platforms. This vulnerability can be exploited to bypass authentication and gain unauthorized access to web site. If remote attackers submit a crafted request with the hex-encoded URLs, they can bypass the authentication due to improper filtering of URL requests. Using this vulnerability, remote attackers can gain sensitive files and information.
* References:
http://archives.neohapsis.com/archives/vulnwatch/current/0080.html
* Platforms Affected:
iisPROTECT 2.1
iisPROTECT 2.2 |
| Recommendation |
Upgrade to the latest version of iisPROTECT (2.2.0.9 or later), available from the iisPROTECT Web site, http://www.iisprotect.com |
| Related URL |
CVE-2003-0137 (CVE) |
| Related URL |
7661 (SecurityFocus) |
| Related URL |
12055 (ISS) |
|
