CVE-2010-2731
Published 2010-09-15
Priority: P3 · 57 · medium · CVSS 2.0: 6.8
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 31.12% (98.0th percentile)
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
Detection & IOCs
- Detect HTTP requests containing the NTFS Alternate Data Stream suffix ':$i30:$INDEX_ALLOCATION' appended to a directory name in the URI path, which is the bypass technique for IIS Basic Authentication.
- Monitor IIS 5.1 on Windows XP SP3 for unauthenticated execution of ASP files in Basic Authentication-protected directories, particularly via crafted requests using NTFS stream names.
- The vulnerability only affects IIS 5.1 on Windows XP SP3 when directory-based Basic Authentication is specifically enabled; other authentication configurations are not confirmed vulnerable by this CVE.
- The Metasploit module targets IIS 5 specifically via NTFS stream name appended to directory names; the bypass technique leverages Alternate Data Streams, so NTFS filesystem is a prerequisite.
- All IIS authentication methods are claimed to be bypassable with this technique, not just Basic Authentication, according to the exploit-db write-up.
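The first two detection points above can be checked against IIS W3C extended logs. The following is an added example, not a rule from this page or its sources: it assumes the log carries the standard `cs-uri-stem`, `cs-username` and `sc-status` fields, and the sample log lines, paths and IP addresses are constructed.

```python
import re
from urllib.parse import unquote

# Suffix named on this page; NTFS stream names are case-insensitive.
ADS_SUFFIX = re.compile(r":\$i30:\$index_allocation", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so %3A and %253A both normalise to ':'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def scan_w3c_log(lines):
    """Return findings for requests whose URI stem carries the ADS suffix."""
    fields, findings = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = decode_fully(row.get("cs-uri-stem", ""))
        if not ADS_SUFFIX.search(stem):
            continue
        # No logged username plus a 2xx status means content was served
        # without credentials: treat it as a likely successful bypass.
        anonymous = row.get("cs-username", "-") == "-"
        served = row.get("sc-status", "").startswith("2")
        findings.append({"client": row.get("c-ip"), "uri": stem,
                         "status": row.get("sc-status"),
                         "likely_bypass": anonymous and served})
    return findings

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2010-09-16 10:01:02 192.0.2.10 alice GET /secure/report.asp 200
2010-09-16 10:01:09 198.51.100.7 - GET /secure/report.asp 401
2010-09-16 10:02:11 198.51.100.7 - GET /secure:$i30:$INDEX_ALLOCATION/report.asp 200
2010-09-16 10:02:15 203.0.113.5 - GET /secure%3A%24I30%3A%24Index_Allocation/report.asp 401
""".splitlines()

if __name__ == "__main__":
    for finding in scan_w3c_log(SAMPLE_LOG):
        print(finding)
```

A hit with `likely_bypass` set is the case to escalate; hits answered with 401 are attempts against a host that rejected the request.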
No detection rules found.
Exploit-DB
Microsoft IIS 5.0 - Authentication Bypass (MS10-065)
exploitdb·2010-07-02
---
MS10-065 - Directory Authentication Bypass Vulnerability
Description:
This vulnerability arises from using an Alternate Data Stream to open a protected folder. All IIS authentication methods can be circumvented. In this technique, we can add “:$i30:$INDEX_ALLOCATION” to a directory name to bypass the authentication.
Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14179.pdf (IIS5.1_Authentication_Bypass.pdf)
Metasploit
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
metasploit
This module bypasses basic authentication for Internet Information Services (IIS). By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication.
Bugzilla
CVE-2010-4042 WebKit: Stale elements in an element map causes webkit to crash
bugzilla·2011-02-09·CVSS 9.8
[CRITICAL] CVE-2010-4042 WebKit: Stale elements in an element map causes webkit to crash
Google Chrome before 7.0.517.41 does not properly handle element
maps, which allows remote attackers to cause a denial of service
or possibly have unspecified other impact via vectors related
to "stale elements."
http://code.google.com/p/chromium/issues/detail?id=56451
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
http://www.securityfocus.com/bid/44241
http://secunia.com/advisories/41888
http://www.vupen.com/english/advisories/2010/2731
This is fixed in webkitgtk 1.2.7
Discussion:
Created webkitgtk tracking bugs for this issue
Affects: fedora-13 [bug 676213]
Bugzilla
CVE-2010-4037 webkit: remote bypass of pop-up blocker
bugzilla·2010-11-24·CVSS 4.3
[MEDIUM] CVE-2010-4037 webkit: remote bypass of pop-up blocker
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4037 to
the following vulnerability:
Name: CVE-2010-4037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4037
Assigned: 20101021
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=53002
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
Reference: BID:44241
Reference: URL: http://www.securityfocus.com/bid/44241
Reference: SECUNIA:41888
Reference: URL: http://secunia.com/advisories/41888
Reference: VUPEN:ADV-2010-2731
Reference: URL: http://www.vupen.com/english/advisories/2010/2731
Unspecified vulnerability in Google Chrome before 7.0.517.41 allows
remote attackers to bypass the pop-up blo
Bugzilla
CVE-2010-4040 WebKit: crafted animated GIF image could cause DoS (memory corruption)
bugzilla·2010-11-24·CVSS 7.8
[HIGH] CVE-2010-4040 WebKit: crafted animated GIF image could cause DoS (memory corruption)
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4040 to
the following vulnerability:
Name: CVE-2010-4040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
Assigned: 20101021
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=54500
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
Reference: BID:44241
Reference: URL: http://www.securityfocus.com/bid/44241
Reference: SECUNIA:41888
Reference: URL: http://secunia.com/advisories/41888
Reference: VUPEN:ADV-2010-2731
Reference: URL: http://www.vupen.com/english/advisories/2010/2731
Google Chrome before 7.0.517.41 does not properly handle animated GIF
images, w
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6942