9 lines
No EOL
724 B
Text
9 lines
No EOL
724 B
Text
source: https://www.securityfocus.com/bid/8419/info
|
|
|
|
A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list.
|
|
|
|
When the vulnerable configuration is in place, an attacker may be capable of enumerating the Microsoft URLScan extension filtering list by making repeated requests to files with differing extensions.
|
|
|
|
The enumeration of this type of information could potentially aid an attacker when launching further attacks against the target web server.
|
|
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23034.tar.gz |