
Preemptive Protection against Microsoft Internet Information Services Cross-Site Scripting Vulnerability (MS08-006)


Check Point Reference: CPAI-2008-031
Date Published:
Severity:
Source: Microsoft Security Bulletin MS08-006
Industry Reference(s): CVE-2008-0075
Protection Provided by:
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55
VSX
  • NGX
  • NGX R65
InterSpect
  • NGX
Connectra
  • NGX R62
  • NGX R61

Who is Vulnerable?
Microsoft Internet Information Services (IIS) 6.0
Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP2

Vulnerability Description
A cross-site scripting (XSS) vulnerability exists in Microsoft Internet Information Services (IIS). IIS is a popular set of Internet-based services for Microsoft Windows servers. Successful exploitation of this vulnerability could result in execution of arbitrary code on the IIS server.

Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS08-006

Vulnerability Details
The vulnerability is due to incorrect encoding of HTML content using the IIS ASP HTMLEncode function. A remote attacker may exploit this issue by uploading a specially crafted ASP page to the target IIS server and then requesting it. Successful exploitation of this issue may result in information disclosure, and may allow the attacker to run arbitrary code on the vulnerable system.

Protection Overview
When this protection is enabled, SmartDefense detects and blocks cross-site scripting attacks. No update is required to address this vulnerability.

Users are protected against this vulnerability if the Protection against Cross Site Scripting addressed in CPSA-2005-03 has been applied.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Cross-Site Scripting.
2. In the configuration pane, under Settings > Mode, check Active.
3. In the configuration pane, under Protection Scope, check Apply to all HTTP traffic.
4. Set the Security Level to Medium or High.
5. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the Web Intelligence tree, click Application Layer and select Cross Site Scripting.
2. In the configuration pane, under Protection Scope, select Apply to all HTTP traffic.
3. In the configuration pane, set the Security Level to Medium or High.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > Cross Site Scripting.
2. In the configuration pane, check Block All Tags for all defined web servers.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Cross-Site Scripting.
2. In the configuration pane, under Settings > Mode, check Active.
3. In the configuration pane, under Protection Scope, check Apply to all HTTP traffic.
4. Set the Security Level to Medium or High.
5. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > Cross Site Scripting.
2. In the configuration pane, check Block All Tags for all defined web servers.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click Application Layer and select Cross Site Scripting.
3. In the configuration pane, set the Security Level to Medium or High.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL

Connectra NGX R62 & R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > Web Intelligence.
2. Under Protection dealing with web applications using HTTP, select Cross Site Scripting.
3. Set the Security Level to Medium or High.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in URL
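
Every product section above reports the same two log fields. The following is an added example, not Check Point code, for triaging those entries once logs have been exported: it assumes a CSV export whose columns are named "Attack Name" and "Attack Information" as on this page, plus hypothetical "Time", "Source" and "Destination" columns, and it runs on constructed sample rows.

```python
import csv
import io
import re
from collections import Counter

# Field values taken from the log entries listed in this advisory.
ATTACK_NAME = "Cross Site Scripting"
ATTACK_INFO = "Cross site scripting detected in URL"

def _norm(value):
    """Lower-case and collapse hyphens/whitespace so 'Cross-Site' matches 'Cross Site'."""
    return re.sub(r"[\s\-]+", " ", (value or "").strip().lower())

def xss_events(csv_text):
    """Return the rows whose two attack fields match the advisory's log entry."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows
            if _norm(r.get("Attack Name")) == _norm(ATTACK_NAME)
            and _norm(r.get("Attack Information")) == _norm(ATTACK_INFO)]

def summarize(events, threshold=2):
    """Count hits per (source, destination); list sources seen >= threshold times."""
    per_pair = Counter((e["Source"], e["Destination"]) for e in events)
    per_source = Counter(e["Source"] for e in events)
    repeat = sorted(s for s, n in per_source.items() if n >= threshold)
    return per_pair, repeat

# Constructed sample export: assumed column layout, documentation IP ranges,
# and a placeholder non-matching row. Not real traffic or real product output.
SAMPLE = """Time,Source,Destination,Attack Name,Attack Information
10:01:07,198.51.100.7,192.0.2.10,Cross Site Scripting,Cross site scripting detected in URL
10:01:09,198.51.100.7,192.0.2.10,Cross-Site Scripting,Cross site scripting detected in URL
10:02:30,203.0.113.4,192.0.2.10,Example Other Protection,unrelated event
10:05:44,203.0.113.9,192.0.2.11,Cross Site Scripting,Cross site scripting detected in URL
"""

if __name__ == "__main__":
    events = xss_events(SAMPLE)
    pairs, repeat = summarize(events)
    for (src, dst), n in pairs.most_common():
        print(f"{n:3d}  {src} -> {dst}")
    print("repeat sources:", repeat)
```

Sources that trip the protection repeatedly against the same IIS host are the ones to review first, alongside confirming that MS08-006 is applied on that host.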