IIS 5.x Vuln Exploit released

By secgeeks - Posted on June 27th, 2007

182

vote

The exploit was discovered on December 15, 2006, and made public since the end of May 2007. The design of IIS 5.x allows to bypass basic authentication by using the hit highlight feature.

Microsoft's response seems to be a bit atypical for them as it includes a section on how to reproduce the exploit. In other words: Microsoft is telling the world how to exploit their products being used by their customers. Not that the worst of those interested in it did not already know, but the one thing we need from Microsoft is not the exploit, but the patch or at least a decent work-around. And that patch is lacking. Their only defensive advice is to upgrade to IIS 6.0.

Continue reading here....

Bookmark/Search this post with:

Similar entries

Recent blog posts

Newly Popular

Drupalit monthly

Drupalit weekly

Drupalit daily

Drupalit hottest

Drupalit latest

Recent comments

Problem solved!!!!
30 weeks 5 days ago
New version here
33 weeks 2 days ago
thanks for sharing.
1 year 1 week ago
links
1 year 2 weeks ago
Link to preplay
1 year 2 weeks ago
so now you are on linkedin
1 year 18 weeks ago
Outlook Email search tool
1 year 34 weeks ago
nice tool..
2 years 25 weeks ago
Preplay for windows
2 years 26 weeks ago
yeah,foxit is god
2 years 28 weeks ago

Get SecGeeks Feeds in your email:

Navigation

Who's online

There are currently 0 users and 11 guests online.

BlogRoll

Hack In The Box

http://maltainfosec.org
http://sipvicious.org/blog/
astalavista.com
Fake antivirus removal instructions

Partners

www.techmantras.com
Play Free Bingo at WikiBingo.co.uk
Find the latest Scratch Cards Games
Play bingo with no commitment-bingo winner.
Rent Sell Property
Post your Classified Ads for free
add your link here..