Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure

medium Nessus Plugin ID 10573

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.

Solution

Always remove sample applications from productions servers. In this case, remove the entire /iissamples folder.

Plugin Details

Severity: Medium

ID: 10573

File Name: iis5_sample_path.nasl

Version: 1.27

Type: remote

Family: Web Servers

Published: 5/22/2002

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: Settings/ParanoidReport, www/ASP

Vulnerability Publication Date: 1/1/2000