Title

Vulnerability in Microsoft Internet Information Services (IIS) (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability affecting Microsoft Internet Information Services (IIS). A security feature bypass vulnerability exists in Microsoft Information Services (IIS) that is caused when incoming web requests are not properly compared against the "IP and domain restriction" filtering list. To exploit these vulnerabilities, an attacker would require in depth knowledge of the remote IIS server and corresponding network topology and have control of the reverse DNS information, or be able to poison the authoritative DNS of the IIS server. If successfully exploited, these vulnerabilities would allow clients from a restricted or blocked domains to have access to restricted web resources.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-57359

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.