| VID |
22141 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The IIS webserver has the virtual directories browsable. Directory browsing is an inherited value that also applies to any subdirectories. Any file within these directories can be viewed or downloaded.
It allows a remote attacker to obtain the attacker valuable information about which default scripts you have installed and also whether there are any custom scripts present which may have vulnerabilities.
* References:
http://www.iss.net/security_center/static/928.php |
| Recommendation |
To disable directory browsing:
1. Open Internet Services Manager.
2. Go to the relative Web server, and locate the directory reported by Scanner, right-click Properties.
3. Click the Home Directories tab, and clear the Directory browser allowed check box. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
