Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803555 |
Kategorie: | Nmap NSE |
Titel: | Nmap NSE 6.01: http-iis-webdav-vuln |
Zusammenfassung: | Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV;folders by searching for a password-protected folder and attempting to access it. This vulnerability;was patched in Microsoft Security Bulletin MS09-020.;;A list of well known folders (almost 900) is used by default. Each one is checked, and if returns an;authentication request (401), another attempt is tried with the malicious encoding. If that attempt;returns a successful result (207), then the folder is marked as vulnerable.;;This script is based on the Metasploit;modules/auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass.rb auxiliary module.;;For more information on this vulnerability and script see the references.;;SYNTAX:;;http.pipeline: If set, it represents the number of HTTP requests that'll be;pipelined (ie, sent in a single request). This can be set low to make;debugging easier, or it can be set high to test how a server reacts (its;chosen max is ignored).;;basefolder: The folder to start in, eg. ''/web'' will try ''/web/xxx''.;;folderdb: The filename of an alternate list of folders.;;http-max-cache-size: The maximum memory size (in bytes) of the cache.;;webdavfolder: Selects a single folder to use, instead of using a built-in list. |
Beschreibung: | Summary: Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020. A list of well known folders (almost 900) is used by default. Each one is checked, and if returns an authentication request (401), another attempt is tried with the malicious encoding. If that attempt returns a successful result (207), then the folder is marked as vulnerable. This script is based on the Metasploit modules/auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass.rb auxiliary module. For more information on this vulnerability and script see the references. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (ie, sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored). basefolder: The folder to start in, eg. ''/web'' will try ''/web/xxx''. folderdb: The filename of an alternate list of folders. http-max-cache-size: The maximum memory size (in bytes) of the cache. webdavfolder: Selects a single folder to use, instead of using a built-in list. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1122 BugTraq ID: 35232 http://www.securityfocus.com/bid/35232 Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html Microsoft Security Bulletin: MS09-020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5861 http://www.securitytracker.com/id?1022358 http://www.attrition.org/pipermail/vim/2009-June/002192.html http://www.vupen.com/english/advisories/2009/1539 Common Vulnerability Exposure (CVE) ID: CVE-2009-1535 http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html http://isc.sans.org/diary.html?n&storyid=6397 http://view.samurajdata.se/psview.php?id=023287d6&page=1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029 |
Copyright | Copyright (C) 2013 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |