9 lines
No EOL
740 B
Text
9 lines
No EOL
740 B
Text
source: http://www.securityfocus.com/bid/8419/info
|
|
|
|
A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list.
|
|
|
|
When the vulnerable configuration is in place, an attacker may be capable of enumerating the Microsoft URLScan extension filtering list by making repeated requests to files with differing extensions.
|
|
|
|
The enumeration of this type of information could potentially aid an attacker when launching further attacks against the target web server.
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23034.tar.gz |