Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

IIS Global.asa Retrieval Vulnerability Scan

Vulnerability Scan Summary
Tries to retrieve the global.asa file

Detailed Explanation for this Vulnerability Test

This host is running the Microsoft IIS web server. This web server contains
a configuration flaw that allows the retrieval of the global.asa file.

This file may contain sensitive information such as database passwords,
internal addresses, and web application configuration options. This
vulnerability may be caused by a missing ISAPI map of the .asa extension
to asp.dll.


To restore the .asa map:

Open Internet Services Manager. Right-click on the affected web server and choose Properties
from the context menu. Select Master Properties, then Select WWW Service --> Edit --> Home
Directory --> Configuration. Click the Add button, specify C:\winnt\system32\inetsrv\asp.dll
as the executable (may be different depending on your installation), enter .asa as the extension,
limit the verbs to GET,HEAD,POST,TRACE, ensure the Script Engine box is checked and click OK.

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.