| VID |
21001 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
* References:
http://www.iss.net/security_center/static/4439.php
http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html |
| Recommendation |
No remedy available as of May 2000. If you do not require the functionality provided by FrontPage Server Extensions, remove all the files associated with FrontPage Server Extensions. |
| Related URL |
CVE-2000-0413 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
