| VID |
21183 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
IIS web server may allow remote users to read sensitive information regarding server configuration from .cnf files.
Example, http://target/_vti_pvt/svcacl.cnf
* References:
http://cgi.nessus.org/plugins/dump.php3?id=10575 |
| Recommendation |
Solution: If you do not need .cnf files, then delete them, otherwise use suitable access control lists to ensure that the .cnf files are not world-readable. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
