Oval Definition:
oval:org.mitre.oval:def:44
Revision Date
:
2011-05-16
Version
:
19
Title
:
IIS Web Server Folder Traversal
Description
:
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2000-0884
Platform(s)
:
Microsoft Windows 2000
Product(s)
:
Microsoft Internet Information Server (IIS)
Definition Synopsis
IIS major version equals 5
AND
IIS minor version equals 0
AND
File %windir%\system32\inetsrv\w3svc.dll version is less than 5.0.2195.2103
AND
NOT
Patch Q269862 Installed
AND
NOT
Patch Q277873 Installed
AND
NOT
Patch Q293826 Installed
AND
NOT
Patch Q301625 Installed
AND
NOT
Patch Q319733 Installed
AND
NOT
Patch Q327696 Installed
AND
NOT
Patch Q811114 Installed
AND
NOT
Win2K/XP/2003/Vista/2008 service pack 2 is installed
BACK