Family: Web Servers --> Category: infos
Check for IIS .cnf file leakage Vulnerability Scan
Vulnerability Scan Summary
Check for existence of world-readable .cnf files
Detailed Explanation for this Vulnerability Test
The IIS web server may allow remote users to read sensitive information
from .cnf files. This is not the default configuration.
Example: http://target/_vti_pvt%5csvcacl.cnf, and likewise access.cnf,
svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf,
bots.cnf, linkinfo.cnf and services.cnf.
See also : http://www.safehack.com/Advisory/IIS5webdir.txt
Solution: If you do not need the .cnf files, delete them; otherwise use
suitable access control lists to ensure that the .cnf files are not
readable by Anonymous users.
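One way to audit the access control lists named in the solution, run locally on the server (an added example, not part of the original scan or advisory). The web root path and the set of identities treated as anonymous are assumptions to adjust for your server.

```powershell
# Added example: list .cnf files under _vti_pvt whose ACL lets an
# anonymous-style identity read them.
param(
    # Assumption: default site root; pass -WebRoot for other sites.
    [string]$WebRoot = 'C:\inetpub\wwwroot'
)

# Assumption: identities that represent unauthenticated web visitors.
# 'IUSR' also matches the older IUSR_<machine> account naming.
$anonymousPattern = '^Everyone$|ANONYMOUS LOGON|IUSR'

# The right that allows file contents to be read.
$readMask = [System.Security.AccessControl.FileSystemRights]::ReadData

# -Force includes hidden directories and files.
$findings = Get-ChildItem -Path $WebRoot -Recurse -Force -Filter '*.cnf' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -match '\\_vti_pvt$' } |
    ForEach-Object {
        $file = $_
        (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $readMask) -and
                $_.IdentityReference.Value -match $anonymousPattern
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File      = $file.FullName
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited   # True: fix the ACL on the parent folder
                }
            }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No .cnf file under _vti_pvt grants read access to the listed identities.'
}
```

Entries reported with Inherited set to True come from the _vti_pvt folder or above, so the access control entry has to be removed there rather than on the file itself.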
Threat Level: Medium