Detecting if SecureIIS from Eeye is installed

From: Sacha Faust (sacha@severus.org)
Date: 01/22/02


From: "Sacha Faust" <sacha@severus.org>
To: <pen-test@securityfocus.com>
Date: Mon, 21 Jan 2002 22:09:30 -0500

This is not something big and I don't consider it a bug, but it's something
that might be useful when trying to break an IIS server. I don't have a copy
of the software so I don't know if this is caused by misconfiguration or
something else.
While debugging after someone mentioned a problem with an early version of
Metis 1.1, I saw that you can detect the presence of the SecureIIS product
from Eeye by issuing a HEAD request on any file or folder and looking at the
return data.
The SecureIIS will return HTTP error code 406 (Not Acceptable),
Content-Length: 1176 and Content-Type: text/html. It will also announce
itself in the reply message. Here is an example:

E:\Metis>nc -v www.site.com 80
www.site.com [111.111.111.111] 80 (http) open
HEAD /

HTTP/1.1 406
Server: Microsoft-IIS/4.0
Date: Tue, 22 Jan 2002 02:23:42 GMT
Content-Type: text/html
Content-Length: 1176

<HTML>
<BODY text=#000000 vLink=#ff9900 link=#ff9900 bgColor=#ffffff>
<TABLE cellSpacing=5 cellPadding=3 width=400>
  <TBODY>
  <TR>
    <TD vAlign=center align=left width=400><FONT face=Verdana,Arial,Helvetica
      size=2><FONT size=3><B>SecureIIS application firewall security
      alert</B></FONT><BR><BR><BR>HTTP Request caused a security alert, please
      contact our web master if you are getting this alert in error.<BR><BR>
      <HR>
      <BR><B>What is SecureIIS</B><BR>SecureIIS offers websites
      running Microsoft Internet Information Server a broad range of protection
      from common vulnerabilities, both known and unknown. Because SecureIIS
      does not protect against specific vulnerabilities, but classes of
      vulnerabilities, it allows for a much more far reaching layer of security.
      <BR><BR>
      <HR>
      <BR>For more information on SecureIIS, please visit <A
      href="http://www.eeye.com/SecureIIS/">http://www.eeye.com/SecureIIS/><BR><BR><B><FONT
      color=#ff7000>eEye</FONT>Ö Digital Security</B> - <I>Vulnerability Is
      Over...</I></FONT></TD></TR></TBODY></TABLE></BODY></HTML>

---------
Sacha Faust
sacha@severus.org
Metis : http://www.ideahamster.org/tid.htm
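
An added example, not part of the original post: a Python check, for an administrator auditing what their own server discloses, that tests a captured raw response for the indicators listed in the message above. The sample responses are constructed (the first abbreviates the capture in the post), and the function names and verdict labels are assumptions.

```python
import re

# Indicators listed in the post. Sample responses below are constructed;
# the first abbreviates the capture shown in the post.
STATUS, LENGTH, MARKER = 406, "1176", b"secureiis"

SAMPLE_BLOCKED = (b"HTTP/1.1 406\r\nServer: Microsoft-IIS/4.0\r\n"
                  b"Date: Tue, 22 Jan 2002 02:23:42 GMT\r\n"
                  b"Content-Type: text/html\r\nContent-Length: 1176\r\n\r\n"
                  b"<HTML><BODY><B>SecureIIS application firewall security "
                  b"alert</B></BODY></HTML>")
SAMPLE_HEADERS_ONLY = SAMPLE_BLOCKED.split(b"\r\n\r\n")[0] + b"\r\n\r\n"
SAMPLE_OTHER_406 = (b"HTTP/1.1 406 Not Acceptable\r\nContent-Type: text/html\r\n"
                    b"Content-Length: 312\r\n\r\n<html>Not Acceptable</html>")

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    lines = head.split(b"\n")
    m = re.match(rb"HTTP/\d\.\d\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")   # split on first colon only
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(m.group(1)), headers, body

def indicators(raw):
    """Return which of the post's four indicators the response shows."""
    status, headers, body = parse_response(raw)
    return {
        "status_406": status == STATUS,
        "content_type_html": headers.get("content-type", "").lower().startswith("text/html"),
        "content_length_1176": headers.get("content-length") == LENGTH,
        "body_names_product": MARKER in body.lower(),
    }

def verdict(raw):
    hits = indicators(raw)
    if hits["body_names_product"]:
        return "identified"          # the reply announces the product by name
    if hits["status_406"] and hits["content_type_html"] and hits["content_length_1176"]:
        return "likely"              # header pattern alone still matches
    return "no match"                # e.g. a 406 of another size

if __name__ == "__main__":
    for name in ("SAMPLE_BLOCKED", "SAMPLE_HEADERS_ONLY", "SAMPLE_OTHER_406"):
        print(name, verdict(globals()[name]))
```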
