File: 3201.txt

package info (click to toggle)
snort 2.9.7.0-5
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid, stretch
  • size: 55,000 kB
  • ctags: 38,464
  • sloc: ansic: 266,667; sh: 12,508; makefile: 2,908; yacc: 497; perl: 496; lex: 261; sed: 14
file content (60 lines) | stat: -rw-r--r-- 971 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Rule:

--
Sid:
3201

--
Summary:
This event is generated when an attempt is made to access the file
httpodbc.dll.

--
Impact:
Serious. Remote code execution is possible.

--
Detailed Information:
Versions of Microsoft Internet Information Server (IIS) and Microsoft
Personal Web Server (PWS) are vulnerable to a directory traversal attack
that may lead to access of certain sensitive system files.

This event is generated when an attempt is made to access the file
httpodbc.dll. This may indicate nimda worm activity.

--
Affected Systems:
	Microsoft IIS 3.0
	Microsoft IIS 4.0
	Microsoft PWS

--
Attack Scenarios:
This may indicate worm activity.

--
Ease of Attack:
Simple.  

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--