| VID |
21188 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The example files (/iissamples) are installed at the corresponding IIS web server. These files may provide various type of unnecessary information related to the installation directory of IIS server.
This can be tested by performing as shown in
telnet www.target.com 80
GET /iissamples/sdk/asp/interaction/ServerVariables_Jscript.asp HTTP/1.0
and the result must be verified on the Command
* References:
http://cgi.nessus.org/plugins/dump.php3?id=10370 |
| Recommendation |
The example files within /iissamples directory must be removed. As many vulnerable samples exist in this example folder, all /iissamples folders must be deleted if not necessary. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
