Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Web Servers --> Category: infos

Check for IIS .cnf file leakage Vulnerability Scan

Vulnerability Scan Summary
Check for existence of world-readable .cnf files

Detailed Explanation for this Vulnerability Test

The IIS web server may allow remote users to read sensitive information
from .cnf files. This is not the default configuration.

Example, http://target/_vti_pvt%5csvcacl.cnf, access.cnf,
svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf,
bots.cnf, linkinfo.cnf and services.cnf

See also :
Solution: If you do not need .cnf files, then delete them, otherwise use
suitable access control lists to ensure that the .cnf files are not
world-readable by Anonymous users.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.