Insecure Log File Permissions in Microsoft Internet Information Server
CVE-2002-1694

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 31 December 2002

Summary

Microsoft Internet Information Server (IIS) 4.0 contains a vulnerability where log files are created with FILE_SHARE_READ and FILE_SHARE_WRITE permissions. This configuration may allow unauthorized remote attackers to alter the contents of active log files while the server is running. Such modifications could lead to misrepresentation of access records, evasion of detection measures, and further compromises of server security. It is critical for administrators to review their server's logging configurations to prevent potential exploitation.

References

http://www.securityfocus.com/bid/3888

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/7919

vdb-entryx_refsource_XF

http://online.securityfocus.com/archive/1/250591

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Jun 21, 2005
Vulnerability published
Dec 31, 2002