iisProtect - CVE-2003-0317

Hi all,

wondered if someone could help me.

we have just had an internal PEN test, one of the vulnerabilities that was discovered was our Orion monitoring platform. The CVE for this vulnerability is cve-2003-0317. has anyone else experienced this? how did you get around it and how easy is it to resolve?

Thanks

Richard

Find more posts tagged with

iisprotect

cve

iis

orion

cve-2003-0317

solarwinds

Accepted answers

All comments

tallyrich

Is this a vulnerability if you run the applications via https or just running http?

mldechjr

Wow, that is an old vulnerability, originally rated as a High. Basically it was a URL encoding error that allowed priv escalation by using URL encoding characters in the URL itself. This kind of coding error was fixed by the browser vendors 12 years ago. What were the PEN-testers using to evaluate your install. I would believe it to be a false positive unless you are running an old SolarWinds ver on an old server. I found this in an old Vuln DB Archive. There was an old IIS Plugin called iisProtect. Turns out it had some flaws. See if you can remove it!