Microsoft IIS IDC Extension XSS

Medium severity, Nessus Plugin ID 11142

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

This IIS server appears to be vulnerable to a cross-site scripting attack due to an error in the handling of overly long requests for an idc file. It is possible to inject JavaScript into the URL, and that script will appear in the resulting page.

Solution

Upgrade to Windows 2000 SP3 or higher, as this reportedly fixes the issue.

Plugin Details

Severity: Medium

ID: 11142

File Name: iis_xss_idc.nasl

Version: 1.32

Type: remote

Published: 10/24/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 5900

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990