Alias(es)IIS.IndexServer.Source.Disclosure |
Release DateSep 11, 2006 |
Severitylow |
ImpactInformation disclosure: attackers can view the source code of ASP files on the victim system. |
DescriptionThis indicates a potentially malicious attempt to view the source code of ASP files via a Microsoft Index Server.There is a vulnerability in Microsoft Index Server 2.0 that allows remote attackers to view the source code of ASP files on a target machine. This can be accomplished by appending a %20 to the filename in the "CiWebHitsFile" argument to the null.htw URL. |
Affected ProductsAny unprotected Microsoft Index Server 2.0 is vulnerable to the attack. |
Recommended ActionsApply appropriate patches or upgrade the system to the latest non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2000-0302 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS00-006.mspx (MS-ID)http://www.securityfocus.com/bid/1084 (BugTraq) |
