Inge Henriksen has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to gain knowledge of potentially sensitive information.
The vulnerability is caused due the "500-100.asp" script making assumptions based on the user-controlled "SERVER_NAME" variable. This can be exploited to gain knowledge of script contents when an error is encountered via a specially crafted HTTP request.
The vulnerability has been confirmed in IIS 5.1 and has also been reported in version 5.0. Version 6.0 is reportedly not affected.
Solution: The vendor recommends modifying the 500-100.asp error page manually, or removing the "All Unassigned" binding for all sites and specify required host names (see KB906910 for details).
Provided and/or discovered by: Inge Henriksen
Original Advisory: http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft IIS "500-100.asp" Source Code Disclosure
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.