Parent Paths

From: news.microsoft.com (me_at_here.com)
Date: 10/26/04 

Date: Tue, 26 Oct 2004 11:26:16 -0500

If I've enabled Parent Paths (PP) in IIS, but have installed the URL Filter
and disallowed ".." and "../" within links, am I covered from the
vulnerabilities of PP's?

This allows me to use PP's in #Include statements, but doesn't allow
visitors to use PP's in their links to access directories on my server.

Is this correct?

TIA

Relevant Pages

  • Parent Paths
    ... If I've enabled Parent Paths in IIS, but have installed the URL Filter ... vulnerabilities of PP's? ...
    (microsoft.public.inetserver.asp.general)
  • Re: FTP scans from wanadoo.fr - MOre info
    ... this look like some mass defacement tools. ... Have there been discovered any vulnerabilities affecting Microsoft's ... that looks like some ftp vulnerability on IIS ... ... > This list is provided by the SecurityFocus ARIS analyzer service. ...
    (Incidents)
  • CERT Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS
    ... A variety of vulnerabilities exist in various versions of Microsoft ... Some of these vulnerabilities may allow an intruder to execute ... There are a variety of vulnerabilities in Microsoft IIS. ...
    (Cert)
  • Re: Frontpage Security Vulnerability
    ... computer and select to scan for IIS vulnerabilities. ... If you have not done so you should run the IIS Lockdown tool on that server ... > Win2k Server to correct this issue? ...
    (microsoft.public.win2000.security)
  • RE: W32/Nimda.a@mm
    ... I have reapplied the IIS cumulative to all IIS servers ... and am attempting to verify that the server is now protected. ... install the IIS August 15 cumulative patch ... This worm seems to exploit the same vulnerabilities as CodeRed II and ...
    (Focus-Microsoft)