|
Family: Web Servers --> Category: infos
Microsoft's Index server reveals ASP source code Vulnerability Scan
Vulnerability Scan Summary Checks for a problem in webhits.dll
Detailed Explanation for this Vulnerability Test
It is possible to get the source code of
ASP scripts by issuing the following request :
GET /null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
ASP source codes usually contain sensitive information such
as usernames and passwords.
Solution : If you need the functionality provided by
WebHits, then install the patch available at :
http://www.microsoft.com/technet/security/bulletin/ms00-006.mspx
If you do not need this functionality, then unmap the
.htw extensions from webhits.dll using the Internet
Service Manager MMC snap-in.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|