Hi all,

I had earlier posted a question abotu ISS not finding the Unicode
Directory Traversal.

ISS responded quickly, it did find it, just called it a different
name.

The reply from ISS is below

Cheers,

Symon

------ Forwarded message -------

From: ISS Technical Support <Supportiss.net>
To: "'sthurlowwebvein.com'" <sthurlowwebvein.com>
Date: Mon, 18 Jun 2001 10:15:54 -0400

Helly Symon,

The vulnerability you are querying about is covered under the same
exploit
as the one you stated that Internet Scanner did find - Unicode
translation
vulnerability.

Regards,
=====================================
Scott E Yetter
Technical Support Engineer
Internet Security Systems

email: supportiss.net
Internet Security Systems, Inc.
Phone - (404) 236-2700 / (888) 447-4861
Web - http://www.iss.net

Internet Security Systems -- The Power to Protect
************************************************************

Hi Scott,

I recently did a scan with iss INternet Scanner 6.1, against an NT4
server
that suffers from the Unicode directory traversal vulnerability.

Microsoft IIS and PWS Extended Unicode Directory Traversal
Vulnerability

ISS didn't pick it up, but did pick up Unicode translation
vulnerability.
Any ideas why it didn't detect the Directory Traversal vuln?
Cheers,

Symon

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]