Detections
Analytics

Microsoft IIS idq.dll Traversal Arbitrary File Access

medium Nessus Plugin ID 10115

Synopsis

The remote Windows host is affected by an information disclosure vulnerability.

Description

There is a vulnerability in idq.dll which allows any remote user to read any file on the target system through the 'query.idq' parameter.

Solution

Microsoft's webhits.dll addresses some of this issue.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-006

Plugin Details

Severity: Medium

ID: 10115

File Name: idq_dll.nasl

Version: 1.38

Type: remote

Family: CGI abuses

Published: 2/8/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Vulnerability Publication Date: 2/2/2000

Reference Information

CVE: CVE-2000-0126

BID: 968

MSFT: MS00-006

MSKB: 251170, 252463