File: 1660.txt

Rule:

--
Don't have affected systems
Sid:
1660
 
--
Summary:
This event is generated when an attempt is made to trace previous web requests on the vulnerable server.

--
Impact:
Information gathering.  This attack may permit viewing sensitive information such as Session ID values and the paths associated with the web requests.

--
Detailed Information:
Microsoft ASP.NET is software used for developing web applications.  It may have tracing enabled to view the previous 50 web requests to the server. An attacker may view sensitive information such as Session ID values and the paths associated with the previous web requests.

--
Affected Systems:


Attack Scenarios:
An attacker can attempt to access the traced requests to gather information.

--
Ease of Attack:
Easy.  

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Set <trace enabled="false"/> in web.config
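
One way to check that the corrective action is actually in effect, as an added example that is not part of the original rule documentation. The function name audit_trace and both sample configurations are constructed for illustration; enabled and localOnly are standard attributes of the ASP.NET <trace> element.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real server).
WEAK_CONFIG = """<configuration>
  <system.web>
    <trace enabled="true" localOnly="false" requestLimit="50"/>
  </system.web>
</configuration>"""

# Root setting follows the corrective action, but a <location> block
# (constructed path) turns tracing back on for one application.
OVERRIDE_CONFIG = """<configuration>
  <system.web>
    <trace enabled="false"/>
  </system.web>
  <location path="Default Web Site/legacyapp">
    <system.web>
      <trace enabled="true" localOnly="true"/>
    </system.web>
  </location>
</configuration>"""


def audit_trace(config_xml):
    """Return (scope, exposure) for every <trace> element that is enabled."""
    root = ET.fromstring(config_xml)
    # Some web.config files declare a default xmlns; strip it so paths match.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    # Check the top-level settings and any settings inside <location> blocks.
    scopes = [("(site root)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    findings = []
    for scope, node in scopes:
        for trace in node.findall("./system.web/trace"):
            # ASP.NET defaults: enabled="false", localOnly="true".
            enabled = trace.get("enabled", "false").strip().lower() == "true"
            local = trace.get("localOnly", "true").strip().lower() == "true"
            if enabled:
                findings.append(
                    (scope, "local requests only" if local else "remote clients"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("override", OVERRIDE_CONFIG)):
        print(name, audit_trace(text) or "tracing disabled everywhere")
```

An empty result means no <trace> element in the file enables tracing; a "remote clients" finding is the condition this rule's Impact section describes.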

--
Contributors:
Original rule writer unknown
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=10993

--