Oval Definition:
oval:org.mitre.oval:def:191
Revision Date
:
2011-05-16
Version
:
19
Title
:
IIS Web Server File Request Parsing
Description
:
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2000-0886
Platform(s)
:
Microsoft Windows 2000
Product(s)
:
Microsoft Internet Information Server (IIS)
Definition Synopsis
IIS major version equals 5
AND
IIS minor version equals 0
AND
File %windir%\system32\inetsrv\w3svc.dll version is less than 5.0.2195.2784
AND
NOT
Patch Q277873 Installed
AND
NOT
Patch Q293826 Installed
AND
NOT
Patch Q301625 Installed
AND
NOT
Patch Q319733 Installed
AND
NOT
Patch Q327696 Installed
AND
NOT
Patch Q811114 Installed
AND
NOT
Win2K/XP/2003/Vista/2008 service pack 2 is installed
BACK