MS17-016: Security Update for Windows IIS (4013074)
medium Nessus Plugin ID 97741
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Windows host is affected by a cross-site scripting vulnerability.Description
The remote Windows host is missing a security update. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.See Also
Plugin Details
Severity: Medium
ID: 97741
File Name: smb_nt_ms17-016.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 3/15/2017
Updated: 11/14/2019
Dependencies: smb_hotfixes.nasl, ms_bulletin_checks_possible.nasl, smb_check_rollup.nasl
Risk Information
CVSS Score Source: CVE-2017-0055
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:iis
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/14/2017
Vulnerability Publication Date: 3/14/2017
Reference Information
CVE: CVE-2017-0055
BID: 96622