Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration

EDB-ID:

23034

CVE:

N/A




Platform:

Windows

Date:

2003-08-14


source: https://www.securityfocus.com/bid/8419/info

A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list.

When the vulnerable configuration is in place, an attacker may be capable of enumerating the Microsoft URLScan extension filtering list by making repeated requests to files with differing extensions.

The enumeration of this type of information could potentially aid an attacker when launching further attacks against the target web server.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23034.tar.gz