Yes, depending on what patch level IIS is at. That's a URL that would make use of a vulnerability in IIS allowing the user to run commands on the server. Make sure you've got your server patched to the latest rev.

-Shawn

-----Original Message-----
From: Paul [mailto:paul@xxxxxxxx]
Sent: Tuesday, April 09, 2002 11:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] iis log file

http://www.ISAserver.org

Hi,

I found the following line in my IIS log. What is the meaning of "/scripts/..=C0%9v../" and "../winnt/system32/cmd.exe /c+dir"? Should I be concerned?

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-04-07 01:21:37
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs-host cs(User-Agent) cs(Referer)
2002-04-07 22:26:16 134.96.53.47 - 192.168.1.42 80 GET /scripts/..=C0%9v../..=C0%9v../..=C0%9v../winnt/system32/cmd.exe /c+dir 404 - - -

Paul
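
An added example, not part of the original thread: a Python check that reads an IIS W3C extended log through its #Fields directive and flags requests like the one Paul quotes, separating rejected probes (the 404 here) from ones the server answered with a success status. The function names, the matching heuristic and the two extra log entries are assumptions constructed for illustration.

```python
import re

# Header and first entry are the log lines quoted in the thread, as they appear
# there. The other two entries are constructed for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-04-07 01:21:37
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs-host cs(User-Agent) cs(Referer)
2002-04-07 22:26:16 134.96.53.47 - 192.168.1.42 80 GET /scripts/..=C0%9v../..=C0%9v../..=C0%9v../winnt/system32/cmd.exe /c+dir 404 - - -
2002-04-07 22:27:01 192.0.2.10 - 192.168.1.42 80 GET /default.htm - 200 - - -
2002-04-07 22:28:40 192.0.2.77 - 192.168.1.42 80 GET /scripts/..=C0%9v../winnt/system32/cmd.exe /c+dir 200 - - -
"""

SENSITIVE = ("cmd.exe", "/winnt/system32/")  # targets named in the thread


def parse_w3c(text):
    """Yield one dict per entry, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def classify(entry):
    """Return a finding for traversal requests aimed at system binaries."""
    stem = entry["cs-uri-stem"].lower()
    # A path segment beginning with ".." is treated as a directory climb, even
    # when extra bytes are glued on, as in the "..=C0%9v.." segment above.
    climbs = any(seg.startswith("..") for seg in re.split(r"[/\\]", stem))
    if not (climbs and any(s in stem for s in SENSITIVE)):
        return None
    status = entry["sc-status"]
    served = status.isdigit() and 200 <= int(status) < 300
    return {"time": entry["date"] + " " + entry["time"],
            "client": entry["c-ip"], "status": status,
            "verdict": "served: investigate host" if served else "rejected"}


def scan(text):
    return [f for f in map(classify, parse_w3c(text)) if f]
```

Calling scan() on a log's text returns one finding per matching request; a "rejected" verdict such as the 404 in the thread means the request was not served, while a "served" verdict is the case that calls for checking the host itself.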