According to recent vulnerability bulletins, IIS 6.0 set up on a Windows Server 2003 machine with WebDAV service enabled could be vulnerable to remote code execution.
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7269
Since that IIS is widely used in the Internet it’s better to check that your services are safe.
Yesterday HP research (Link) posted some interesting stuff regarding a new way to exploit vulnerable Struts2 (CVE2017-5638) by injecting malicious payload into filename of Content-Disposition header. This type of payload can be used to avoid rules deployed to catch payloads in Content-Type header.
Again, mitigation is pretty much the same – just upgrade your Struts. Here’s dirty code to check if any of your domains is vulnerable to this.
Here are my dirty python works on checking infamous CVE2017-5638 in a massive way.
Usage: python cve2017-5638_poc.py %url_list_file%
Vulnerable hosts are exported to vulnerable_list.csv file.
Should I work for big company or small would be better – that’s number one question not only for many people starting their career in cybersecurity, but for mature and high-skilled professionals as well. I was lucky to have had an experience in both types of companies (my first one had more than 100 000 employees, and now we’re even less than 300), so let me share my view on this.
