[NT] Multiple Vulnerabilities in w3who ISAPI DLL
From: SecuriTeam (support_at_securiteam.com)
Date: 12/08/04
To: list@securiteam.com Date: 8 Dec 2004 17:49:04 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple Vulnerabilities in w3who ISAPI DLL
------------------------------------------------------------------------
SUMMARY
From the
<http://www.microsoft.com/windows2000/techinfo/reskit/default.asp> Windows
2000 Resource Kit documentation: "W3Who is an Internet Server Application
Programming Interface (ISAPI) application dynamic-link library (DLL) that
works within a Web page to display information about the calling context
of the client browser and the configuration of the host server."
W3who contains two cross-site scripting (XSS) vulnerabilities and an
easily exploitable buffer overflow.
DETAILS
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1133>
CAN-2004-1133 Cross-site scripting issues in w3who.dll
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1134>
CAN-2004-1134 Buffer-overflow in w3who.dll
XSS vulnerability when displaying HTTP headers:
Sending a request with the following header to the server will cause the
script to run in the client's browser.
Connection: keep-alive<script>alert("Hello")</script>
XSS vulnerability in error message:
/scripts/w3who.dll?bogus=<script>alert("Hello")</script>
Buffer overflow when called with long parameter name:
Providing a long parameter name to the server side script will cause a
buffer overflow.
/scripts/w3who.dll?A...[519 to 12571]
Recommendation:
Restrict access to the DLL. Do not use it on production servers.
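To check whether the DLL is still being reached on a server, the following added example (not part of the original advisory) scans IIS W3C extended logs for requests to w3who.dll and tags those matching the two query-string issues described above. It assumes the cs-uri-stem and cs-uri-query fields are logged and reads the advisory's "519 to 12571" as a parameter-name length; the function names and sample log lines are constructed for illustration.

```python
from urllib.parse import unquote

LONG_NAME = 519  # assumption: lower bound of the advisory's "519 to 12571" range

# Constructed IIS W3C extended log lines (sample data, not from the advisory).
SAMPLE_LOG = (
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status\n"
    "2004-12-08 10:00:01 192.0.2.10 GET /default.htm - 200\n"
    "2004-12-08 10:00:05 192.0.2.11 GET /scripts/w3who.dll - 200\n"
    "2004-12-08 10:00:09 192.0.2.12 GET /Scripts/W3Who.dll "
    "bogus=%3Cscript%3Ealert(%22Hello%22)%3C/script%3E 200\n"
    "2004-12-08 10:00:12 192.0.2.13 GET /scripts/w3who.dll " + "A" * 600 + " 500\n"
)

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the active #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip malformed or truncated lines
                yield dict(zip(fields, parts))

def classify(entry):
    """Return the reasons an entry is of interest; empty if not w3who.dll."""
    if not entry["cs-uri-stem"].lower().endswith("/w3who.dll"):
        return []
    # Any hit matters: the advisory says the DLL should not be on production.
    reasons = ["w3who.dll requested"]
    query = entry["cs-uri-query"]
    if query != "-":
        if "<script" in unquote(query).lower():
            reasons.append("script tag in query (CAN-2004-1133)")
        names = [unquote(p.split("=", 1)[0]) for p in query.split("&")]
        longest = max(len(n) for n in names)
        if longest >= LONG_NAME:
            reasons.append(f"parameter name of {longest} bytes (CAN-2004-1134)")
    return reasons

def scan(text):
    """Return (client IP, reasons) for every request that touched the DLL."""
    return [(e["c-ip"], r) for e in parse_w3c(text) if (r := classify(e))]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

The header-based XSS variant does not appear in these log fields, so any request to the DLL is reported even when the query string looks harmless.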
Vendor Status:
After notification by Exaprobe, Microsoft chose to remove the web
download of this component and does not have any plans to issue an
updated version.
ADDITIONAL INFORMATION
The information has been provided by <mailto:ngregoire@exaprobe.com>
Nicolas Gregoire.
The original article can be found at:
<http://www.exaprobe.com/labs/advisories/esa-2004-1206.html>
www.exaprobe.com/labs/advisories/esa-2004-1206.html