Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
IIS XSS via 404 error
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This IIS Server appears to vulnerable to one of the cross site scripting attacks described in MS02-018.
Insight
Insight
The default '404' file returned by IIS uses scripting to output a link to top level domain part of the url requested. By crafting a particular URL it is possible to insert arbitrary script into the page for execution. The presence of this vulnerability also indicates that the host is vulnerable to the other issues identified in MS02-018 (various remote buffer overflow and cross site scripting attacks...)
Solution
Solution
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.