OVAL Repository - View Definition: oval:org.mitre.oval:def:78

OVAL Repository > View Definition

View Definition

NEW SEARCH : BACK

Definition Id: oval:org.mitre.oval:def:78		Version: 7 Last Modified: 2011-04-26
Title:	Windows 2000 IIS Directory Traversal Command Execution (Test 1)
Description:	Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2001-0333
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Information Server (IIS)
Definition Synopsis:
IIS major version equals 5 AND IIS minor version equals 0 AND File %windir%\system32\inetsrv\ism.dll version is less than 5.0.2195.3407 AND NOT Patch Q293826 Installed AND NOT Patch Q301625 Installed AND NOT Patch Q319733 Installed AND NOT Patch Q327696 Installed AND NOT Patch Q811114 Installed AND NOT Windows 2000 Security Roll-up 1 Installed AND NOT Win2K/XP/2003 service pack 3 (or later) is installed

NEW SEARCH : BACK

OVAL Repository

About the Repository

OVAL Repository Forum

Author’s Resources

Items of Interest