Family: Web Servers --> Category: infos
Malformed Hit-Highlighting Argument Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Acertains IIS IDA/IDQ Path Reveal vulnerability
Detailed Explanation for this Vulnerability Test
The remote IIS web server is missing a security patch.
The remote version of IIS is vulnerable to two vulnerabilities :
- An information disclosure issue allows a remote attacker to obtain
the real pathname of the document root by requesting non-existent
files with .ida or .idq extensions.
- An argument validation issue in the WebHits component lets a remote
attacker read abitrary files on the remote server
Microsoft released a patch for Windows 2000 :
Low / CVSS Base Score : 2
Click HERE for more information and discussions on this network vulnerability scan.