VID | 21934
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
The Web.config file or a backup copy of it was found on the server, and its contents were disclosed. The ASP.NET Web.config file defines the configuration settings for an ASP.NET application. ASP.NET and the .NET Framework use .config files to define all configuration options. The .config files, including the ASP.NET Web.config file, are XML files. The Web.config file contains ASP.NET application configuration settings such as Session State, Tracing and Authentication, and the Database Connection String. This might help a remote attacker launch further attacks against the affected system.
* Platforms Affected: Any HTTP server, any version; any operating system, any version |
Recommendation |
If the detected file is a backup of the Web.config file, remove it immediately.
-- OR --
If the affected platform is a Microsoft Windows operating system and the patch for the Microsoft ASP.NET Security Update (MS05-004, KB887219) has not been applied, apply the patch as listed in Microsoft Security Bulletin MS05-004 at http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx |
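For the first recommendation, an administrator can audit the web root on disk for leftover copies of Web.config and see which of the sensitive settings each copy carries. This is an added example, not part of the original advisory or of any scanner; the file-name heuristic, the function names and the sample site are assumptions constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# ASP.NET config sections matching the settings the description lists.
SENSITIVE_SECTIONS = ("connectionStrings", "authentication", "sessionState", "trace")


def sensitive_sections(path):
    """Return the sensitive sections present in the file ([] if it is not XML)."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return []
    present = {el.tag.rsplit("}", 1)[-1] for el in root.iter()}  # drop any namespace
    return [s for s in SENSITIVE_SECTIONS if s in present]


def find_config_copies(web_root):
    """Return sorted (path, sections) for files that look like Web.config copies.
    Assumption: a copy keeps "web.config" in its name; the live file is skipped."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            lowered = name.lower()
            if "web.config" in lowered and lowered != "web.config":
                path = os.path.join(folder, name)
                findings.append((path, sensitive_sections(path)))
    return sorted(findings)


def build_sample_root():
    """Constructed sample site: live Web.config, a backup copy, an unrelated page."""
    root = tempfile.mkdtemp(prefix="webroot_")
    config = ('<configuration><connectionStrings>'
              '<add name="Main" connectionString="Server=db;Password=EXAMPLE" />'
              '</connectionStrings><system.web><authentication mode="Forms" />'
              '</system.web></configuration>')
    for name, body in (("Web.config", config), ("Web.config.bak", config),
                       ("default.aspx", "<html></html>")):
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, sections in find_config_copies(build_sample_root()):
        print(path, "->", ", ".join(sections) or "no sensitive sections parsed")
```

Any copy reported with connectionStrings present should be treated as a credential exposure: remove the file and rotate the credentials it contained.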
Related URL | CVE-2004-0847 (CVE)
Related URL | 11342 (SecurityFocus)
Related URL | 17644 (ISS)