漏洞类别:Web server漏洞等级: 
漏洞信息
When loading an executable CGI program, Microsoft Internet Information Server (IIS) decodes the CGI filename twice. First, IIS checks the CGI filename to see if it's an executable file. (For example, IIS might do a suffix check-up to see if there's a '.exe' or '.com' extension.) Then, IIS performs a second decode process. This process would typically only apply to the CGI parameters; however, IIS mistakenly decodes both the CGI parameters and the already decoded CGI filename. Thus, the CGI filename is decoded twice.
With a malformed CGI filename, a malicious user can get around the IIS filename security check-ups, such as the '../' or './' check-ups.
In some cases, a malicious user may be able to run arbitrary system commands.
漏洞危害
If this vulnerability is successfully exploited, then a malicious user may be able to execute arbitrary commands using the user account the Web server is running under (typically the IUSER_machinename account).
解决方案
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS01-026: Microsoft IIS 4.0 (Patch superseded by MS01-044. Please refer to advisory for details.)
MS01-026: Microsoft IIS 5.0 (Patch superseded by MS01-044. Please refer to advisory for details.)
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1000128: HTTP Protocol Decoding
0day
文章评论