Vulnerability: iisPROTECT solution

IDefence security advisory has warned a vulnerability exists in iisPROTECT, a solution which provides password protection to web directories.The vulnerability allows an attacker to bypass the login authentication and file requests process by simply requesting the same file through different URL-encoded representations.

iisPROTECT has released version 2.2.0.9 to fix this vulnerability, as versions of the solution prior to 2.2 are affected.

The iDefence security advisory is available at: http://www.idefense.com/advisory/05.22.03.txt

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about iDefense

Show Comments