Oval Definition:
oval:org.mitre.oval:def:78
Revision Date
:
2011-05-16
Version
:
20
Title
:
Windows 2000 IIS Directory Traversal Command Execution (Test 1)
Description
:
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2001-0333
Platform(s)
:
Microsoft Windows 2000
Product(s)
:
Microsoft Internet Information Server (IIS)
Definition Synopsis
IIS major version equals 5
AND
IIS minor version equals 0
AND
File %windir%\system32\inetsrv\ism.dll version is less than 5.0.2195.3407
AND
NOT
Patch Q293826 Installed
AND
NOT
Patch Q301625 Installed
AND
NOT
Patch Q319733 Installed
AND
NOT
Patch Q327696 Installed
AND
NOT
Patch Q811114 Installed
AND
NOT
Windows 2000 Security Roll-up 1 Installed
AND
NOT
Win2K/XP/2003 service pack 3 (or later) is installed
BACK