Oval Definition:	oval:org.mitre.oval:def:37
Revision Date: 2003-10-10 Version: 14 Title: Windows NT IIS Directory Traversal Command Execution (Test 1) Description: Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2001-0333 Platform(s): Microsoft Windows NT Product(s): Microsoft Internet Information Server (IIS) Definition Synopsis IIS 4.0 Major Version AND IIS minor version equals 0 AND NOT this is an NT Terminal Server AND File %windir%\system32\inetsrv\ism.dll version is less than 4.2.764.1 AND NOT Patch Q295534 Installed AND NOT Patch Q301625 Installed AND NOT Patch Q319733 Installed AND NOT Patch Q327696 Installed AND NOT Patch Q811114 Installed AND NOT Windows NT 4.0 Security Roll-up Package
BACK