975.txt

This is the snapshot of Snot Latest Rules

Rule:

--
Sid:
975

--
Summary:
This event is generated when an attempt is made to access an Active Server Page (ASP) .asp file to disclose its contents. 

--
Impact:
Intelligence gathering activity.  A vulnerability exists that discloses the .asp file contents when the file name is appended with "::$DATA".

--
Detailed Information:
Microsoft Internet Information Service (IIS) uses Active Server Page to supply HTML and server-side scripting.  ASP files use a .asp extension.  When the file name is appended with "::$DATA", the contents of the file are disclosed instead of executing the .asp file.

--
Affected Systems:
Hosts running IIS 3.0, IIS 4.0

--
Attack Scenarios:
An attacker can attempt to reference a .asp file appended with "::$DATA" to see the contents of the file.  Sensitive information may by disclosed depending on the selected file. 

--
Ease of Attack:
Simple. 

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Upgrade to a more current version of IIS.
 
--
Contributors:
Original rule writer unknown
Modified by Brian Caswell <bmc@sourcefire.com>
Sourcefire Vulnerability Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:


--