[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability

Title: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Released by: Nsfocus
Date: 7th November 2000
Printable version: Click here 
NSFOCUS Security Advisory(SA2000-07)



Topic: Microsoft IIS 4.0/5.0  CGI File Name Inspection Vulnerability



Release Date£º Nov 7th, 2000



CVE Candidate Numbers: CAN-2000-0886

BUGTRAQ ID : 1912



Affected system:

================



 - Microsoft IIS 4.0 (http://www.microsoft.com/technet/security/bulletin/MS00-086.asp



Patches are available at:



. Microsoft IIS 5.0:



* English:

  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25547

* Simplified Chinese:

  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25580

* Traditional Chinese:

  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25581

* German:

  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25582

* Japanese:

  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25583







Additional Information:

========================



The Common Vulnerabilities and Exposures (CVE) project has

assigned the name CAN-2000-0886 to this issue. This is a

candidate for inclusion in the CVE list (http://cve.mitre.org),

which standardizes names for security problems.  Candidates

may change significantly before they become official CVE entries.



DISCLAIMS:

==========

THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY OF ANY

KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, EXCEPT FOR

THE WARRANTIES OF MERCHANTABILITY. IN NO EVENTSHALL NSFOCUS BE LIABLE FOR ANY

DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS OF

BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUTION OF THE INFORMATION IS

PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY.



?Copyright 1999-2000 NSFOCUS. All Rights Reserved. Terms of use.





NSFOCUS Security Team 

NSFOCUS INFORMATION TECHNOLOGY CO.,LTD

(http://www.nsfocus.com)






(C) 1999-2000 All rights reserved.