|
Family: Web Servers --> Category: infos
Codebrws.asp Source Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tests for presence of Codebrws.asp
Detailed Explanation for this Vulnerability Test
Microsoft's IIS 5.0 web server is shipped with a set of
sample files to demonstrate different features of the ASP
language. One of these sample files allows a remote user to
view the source of any file in the web root with the extension
.asp, .inc, .htm, or .html.
Solution:
Remove the /IISSamples virtual directory using the Internet Services Manager.
If for some reason this is not possible, removing the following ASP script will
fix the problem:
This path assumes that you installed IIS in c:\inetpub
c:\inetpub\iissamples\sdk\asp\docs\CodeBrws.asp
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|