| VID | 21141 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The bdir.htr file under Internet Information Server allows remote attackers to view the directory structure of file systems connected to vulnerable servers. Attackers are limited to viewing the names of directories, not actual files. Example: `http://target/scripts/iisadmin/bdir.htr??c:\` |
| Recommendation | If you do not need these files, delete them; otherwise, use suitable access control lists to ensure that the files are not world-readable. |
| Related URL | (CVE) |
| Related URL | 2280 (SecurityFocus) |
| Related URL | 2282 (ISS) |