Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Security

Submission + - Microsoft Downplays Serious IIS Bug Threat

snydeq writes: "Microsoft confirmed that its IIS Web server software contains a vulnerability that could let attackers steal data, but downplayed the threat. The flaw, which involves how Microsoft's software processes Unicode tokens, has been found to give attackers a way to view protected files on IIS Web servers without authorization. The vulnerability, exposed by Nikolaos Rangos, could be used to upload files as well. Affecting IIS 6 users who have enabled WebDAV for sharing documents via the Web, the flaw is currently being exploited in online attacks, according to CERT, and is reminiscent of the well-known IIS unicode path traversal issue of 2001, one of the worst Windows vulnerabilities of the past decade."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft Downplays Serious IIS Bug Threat

Comments Filter:

Every young man should have a hobby: learning how to handle money is the best one. -- Jack Hurley

Working...