| VID |
27062 |
| Severity |
40 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
You should block to use something like "." for moving to parent directory because it may allow hacking by moving from child directory to parent directory, Unicode bug and an denial of service attack.
* Platforms Affected:
Microsoft IIS Server |
| Recommendation |
¡á IIS 5.0, 6.0
1. Internet Information Service(IIS) Management> Select website> Properties> Home Directory> Configurations>
2. Uncheck ¡°Use Parents Path¡° in Option tab
¡á IIS 7.0, 8.0. 10.0
1. Internet Information Service(IIS) Management> Select website> IIS> ASP>
2. Set ¡°Use Parents Path¡± to "False" |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
