Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:948 |
Message | WEB-FRONTPAGE form_results access |
Summary | This event is generated when an attempt is made to access a file with Microsoft Frontpage form results. |
Impact | If successful, the attacker can read sensitive data users have posted via forms within the Frontpage web. |
Detailed Information | On systems running Microsoft FrontPage Extensions on IIS or Apache web servers, users can insert forms into web pages and have the submitted data saved to a text file (/_private/form_results.txt), which can later be read or emailed to the user. If direct access to the file is possible, an attacker may read the sensitive data posted from the form. |
Affected Systems | All systems running FPSE. |
Attack Scenarios | An attacker can request the file from its standard location, entering the exact URL. |
Ease of Attack | Simple. No exploit software required. |
Corrective Action | Disable direct access to the file /_private/form_results.txt. Restrict access to the file using password protection. |
Additional References | |
Rule References | cve: 1999-1052 |
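
To confirm whether the corrective action is effective, web server access logs can be checked for requests to the form results file and the response status the server gave. The following is an added example, not part of the rule documentation or of Snort; it assumes common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TARGET = "/_private/form_results.txt"  # path named in this rule's documentation

def normalize(target):
    """Drop the query string, decode percent-escapes, fold case and slashes."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/").lower()
    return re.sub(r"/{2,}", "/", path)

def classify(line):
    """Return (client, verdict) for a form_results request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    # endswith() also matches the file under any path prefix
    if not normalize(target).endswith(TARGET):
        return None
    code = int(status)
    if code in (200, 206):
        verdict = "EXPOSED"   # server returned file contents: fix access control
    elif code in (401, 403):
        verdict = "BLOCKED"   # access restriction is in place
    else:
        verdict = "PROBE"     # e.g. 404: file absent, request still worth noting
    return client, verdict

def scan(lines):
    """Classify every matching request in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation-range addresses)
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:10:01:22 +0000] "GET /_private/form_results.txt HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2024:10:02:03 +0000] "GET /_PRIVATE/form%5Fresults.txt?x=1 HTTP/1.1" 403 199',
    '203.0.113.5 - - [12/Mar/2024:10:03:40 +0000] "GET /shop//_private/form_results.txt HTTP/1.0" 404 0',
    '192.0.2.10 - - [12/Mar/2024:10:04:00 +0000] "GET /index.htm HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE):
        print(f"{verdict:8} {client}")
```

Any EXPOSED result means the file is still directly readable and the corrective action above has not been applied.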
--
DID:710145