Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
BID:2100
Info
Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
| Bugtraq ID: | 2100 |
| Class: | Input Validation Error |
| CVE: |
CVE-2000-1090 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 13 2000 12:00AM |
| Updated: | Jul 12 2009 05:56PM |
| Credit: | Discovered by NSFOCUS Security Team <[email protected]> and publicized in a NSFOCUS Security Advisory (SA2000-08) on December 13, 2000. |
| Vulnerable: |
Microsoft IIS Far East Edition 5.0 Microsoft IIS Far East Edition 4.0 SP5 |
| Not Vulnerable: |
Microsoft IIS Far East Edition 4.0 SP6 |
Discussion
Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
The Far East editions of Microsoft IIS do not properly validate HTTP requests containing double-byte character sets (DBCS) which may lead to the disclosure of files contained within the web root. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6, however it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability.
In the event that IIS Far East edition receives a HTTP request containing a double-byte character in the filename, it will verify for the presence of a lead-byte. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise due to the exclusion of the lead-byte because it will result in the opening of a different file from the one specified.
A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords.
The Far East editions of Microsoft IIS do not properly validate HTTP requests containing double-byte character sets (DBCS) which may lead to the disclosure of files contained within the web root. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6, however it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability.
In the event that IIS Far East edition receives a HTTP request containing a double-byte character in the filename, it will verify for the presence of a lead-byte. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise due to the exclusion of the lead-byte because it will result in the opening of a different file from the one specified.
A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords.
Exploit / POC
Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].