Microsoft Index Server Webhits.dll ASP Source Disclosure Vulnerability
BID:2269
Info
Microsoft Index Server Webhits.dll ASP Source Disclosure Vulnerability
| Bugtraq ID: | 2269 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2000 12:00AM |
| Updated: | Mar 31 2000 12:00AM |
| Credit: | This vulnerability was announced in a Cerebus Security Advisory on January 27, 2000 via Bugtraq. |
| Vulnerable: |
Microsoft Indexing Services for Windows 2000 Microsoft Index Server 2.0 alpha Microsoft Index Server 2.0 |
| Not Vulnerable: | |
Discussion
Microsoft Index Server Webhits.dll ASP Source Disclosure Vulnerability
Webhits.dll is part of the Microsoft Index Server package distributed with Windows NT 4.0 and 2000. A problem with the package could allow remote users to gain access to source code of ASP documents.
The problem occurs in the handling of the space string by the library. When a page is requested using the null.htw file, the request is handled by the Webhits.dll library. However, null.htw is not a real file, and is only maintained in memory. By appending a space to the end of the requested file (%20), the source code of the page will be returned to the requesting user, rather than the actual page. This makes it possible for a user with malicious intentions to gain access to the system by extracting the user ID and passwords that may be contained in .asp and .asa files.
Webhits.dll is part of the Microsoft Index Server package distributed with Windows NT 4.0 and 2000. A problem with the package could allow remote users to gain access to source code of ASP documents.
The problem occurs in the handling of the space string by the library. When a page is requested using the null.htw file, the request is handled by the Webhits.dll library. However, null.htw is not a real file, and is only maintained in memory. By appending a space to the end of the requested file (%20), the source code of the page will be returned to the requesting user, rather than the actual page. This makes it possible for a user with malicious intentions to gain access to the system by extracting the user ID and passwords that may be contained in .asp and .asa files.
Solution / Fix
Microsoft Index Server Webhits.dll ASP Source Disclosure Vulnerability
Solution:
Patches available:
Microsoft Index Server 2.0 alpha
Microsoft Index Server 2.0
Microsoft Indexing Services for Windows 2000
Solution:
Patches available:
Microsoft Index Server 2.0 alpha
-
Microsoft Q252463
Windows NT Alpha
http://www.microsoft.com/downloads/release.asp?ReleaseID=17728
Microsoft Index Server 2.0
-
Microsoft Q252463
http://www.microsoft.com/downloads/release.asp?ReleaseID=17727
Microsoft Indexing Services for Windows 2000
-
Microsoft Q251170
http://www.microsoft.com/downloads/release.asp?ReleaseID=17726
References
Microsoft Index Server Webhits.dll ASP Source Disclosure Vulnerability
References:
References:
- Microsoft Security Bulletin (MS00-006) (Microsoft)