Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:948 |
| Message | WEB-FRONTPAGE form_results access |
| Summary | This event is generated when an attempt is made to access a file with Microsoft Frontpage form results. |
| Impact | If successful, the attacker can read sensitive data users have posted via forms within the Frontpage web. |
| Detailed Information | On systems running Microsoft Frontpage Extensions on IIS or Apache web servers users can insert forms into web pages and have their data saved into a text file (/_private/form_results.txt) which can later be read or emailed to the user. If direct access to the file is possible, the attacker may read the sensitive data posted from the form. |
| Affected Systems | All systems running FPSE. |
| Attack Scenarios | An attacker can request the file from its standard location, entering the exact URL. |
| Ease of Attack | Simple. No exploit software required. |
| Corrective Action | Disable direct access to the file /_private/form_results.txt Restrict access to the file using password protection. |
| Additional References | |
| Rule References | cve: 1999-1052 |
--
DID:710145
--
http://www.aanval.com/