Microsoft IIS 6.0 PHP NTFS Stream Authentication Bypass

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an authentication bypass
vulnerability.

Description :

The version of Microsoft IIS installed on the remote host is affected
by an authentication bypass vulnerability. It is possible to access
PHP files in protected web directories without authentication by
appending '::$INDEX_ALLOCATION' to the directory name.

See also :

http://packetstormsecurity.org/files/113497/iis-bypass.txt
http://msdn.microsoft.com/en-us/library/ff469210(v=prot.10).aspx

Solution :

There is no known solution at this time.
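
Since no fix is listed, requests that use this stream syntax can at least be looked for in the web server's own logs. The following is an added example, not part of the Nessus plugin: it scans IIS W3C log lines for NTFS stream syntax in the request path and marks those served with a 2xx status to an unauthenticated client. The log field layout, the `/admin` path and the sample entries are constructed for illustration, and the pattern generalizes from `::$INDEX_ALLOCATION` to any `:stream:$TYPE` suffix.

```python
import re
from urllib.parse import unquote

# NTFS stream syntax in a URL path: "name::$TYPE" or "name:stream:$TYPE".
# The advisory names ::$INDEX_ALLOCATION; other stream types are flagged too.
STREAM_RE = re.compile(r":[^/:]*:\$[A-Za-z_0-9]+")

# Constructed sample log (documentation IP ranges, hypothetical /admin directory).
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2012-06-20 10:00:01 GET /admin/index.php - alice 192.0.2.10 200
2012-06-20 10:00:05 GET /admin/index.php - - 198.51.100.7 401
2012-06-20 10:00:09 GET /admin::$INDEX_ALLOCATION/index.php - - 198.51.100.7 200
2012-06-20 10:00:12 GET /admin%3a%3a%24INDEX_ALLOCATION/index.php - - 198.51.100.7 404
"""

def decode(stem):
    """URL-decode repeatedly so %3a%3a%24 and double encoding are caught."""
    for _ in range(3):
        decoded = unquote(stem)
        if decoded == stem:
            break
        stem = decoded
    return stem

def find_stream_requests(lines):
    """Yield one dict per W3C log entry whose path uses NTFS stream syntax."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the entries that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        path = decode(row.get("cs-uri-stem", ""))
        if not STREAM_RE.search(path):
            continue
        status = row.get("sc-status", "")
        anonymous = row.get("cs-username", "-") == "-"
        # A 2xx answer to an anonymous client on a stream path is the
        # condition the advisory describes; other statuses are attempts.
        yield {"client": row.get("c-ip"), "path": path, "status": status,
               "served_unauthenticated": anonymous and status.startswith("2")}

if __name__ == "__main__":
    for hit in find_stream_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```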

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 59817

Bugtraq ID: 53906

CVE ID: