Phase:In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe) .
ReferencesBUGTRAQ:Friday, January 22, 1999 Perl.exe and IIS security advisory | BID:194 | URL:http://www.securityfocus.com/bid/194
Votes:Proposed (Monday, July 26, 1999)
Comments: ACCEPT(2) Ozancin, Wall | NOOP(2) Baker, Christey | REJECT(2) Frech, LeBlanc
F7: Frech> Can't find in database. | Christey> This looks like another discovery of CVE-2000-0071 | LeBlanc> - I just tried to repro this based on the BUGTRAQ vuln information, | and it does not repro - | GET /bogus.pl HTTP/1.0 | HTTP/1.1 404 Object Not Found | Server: Microsoft-IIS/5.0 | Date: Thu, 05 Oct 2000 21:04:20 GMT | Content-Length: 3243 | Content-Type: text/html | No path is returned whatsoever. This may have been a problem on some version | of IIS in the past, but the BUGTRAQ ID says all versions are vulnerable. | Let's try and figure out what version had the problem, whether it is | intrinsic to IIS or the result of adding a 3rd party implementation of perl, | and when it got fixed, then we can try again. | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Christey> Add "no-such-file.pl" as an example to the desc, to facilitate | search (it's used by CGI scanners and in the original example)