|
Family: CGI abuses --> Category: attack
IIS Global.asa Retrieval Vulnerability Scan
Vulnerability Scan Summary Tries to retrieve the global.asa file
Detailed Explanation for this Vulnerability Test
This host is running the Microsoft IIS web server. This web server contains
a configuration flaw that allows the retrieval of the global.asa file.
This file may contain sensitive information such as database passwords,
internal addresses, and web application configuration options. This
vulnerability may be caused by a missing ISAPI map of the .asa extension
to asp.dll.
Solution:
To restore the .asa map:
Open Internet Services Manager. Right-click on the affected web server and choose Properties
from the context menu. Select Master Properties, then Select WWW Service --> Edit --> Home
Directory --> Configuration. Click the Add button, specify C:\winnt\system32\inetsrv\asp.dll
as the executable (may be different depending on your installation), enter .asa as the extension,
limit the verbs to GET,HEAD,POST,TRACE, ensure the Script Engine box is checked and click OK.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|