MS01-026 / MS01-044: Microsoft IIS Remote Command Execution (uncredentialed check)

This script is Copyright (C) 2001-2017 Matt Moore / H D Moore

Synopsis :

Arbitrary commands can be executed on the remote web server.

Description :

When IIS receives a user request to run a script, it renders the
request in a decoded canonical form, and then performs security checks
on the decoded request. A vulnerability results because a second,
superfluous decoding pass is performed after the initial security checks
are completed. Thus, a specially crafted request could allow an
attacker to execute arbitrary commands on the IIS Server.

See also :

Solution :

Microsoft has released a set of patches for IIS 4.0 and 5.0.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10671 (iis_decode_bug.nasl)

Bugtraq ID: 2708

CVE ID: CVE-2001-0333

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now