[1534] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

MicroSoft IIS security BUG

daemon@ATHENA.MIT.EDU (Andy Baron)
Sun Feb 25 01:19:45 1996

Date: Sat, 24 Feb 1996 22:21:47 -0500
To: www-security@ns2.rutgers.edu
From: baron@box.omna.com (Andy Baron)
Errors-To: owner-www-security@ns2.rutgers.edu

WWW people must know about this:

well-known .bat BUG for Netscape server is more dangerous for MicroSoft IIS
WWW server.

1) IIS Web server allows you to execute your "batch file"
2) Intrusion does not logged by IIS

more detailes in http://www.omna.com/iis-bug.htm

I'll send this posting to several WWW and security related mailing lists
as well as to MicroSoft.

    Andy Baron, MWC


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1534] in WWW Security List Archive

MicroSoft IIS security BUG

daemon@ATHENA.MIT.EDU (Andy Baron)Sun Feb 25 01:19:45 1996

daemon@ATHENA.MIT.EDU (Andy Baron)
Sun Feb 25 01:19:45 1996