| VID |
22190 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The remote web server appears to be running with Frontpage extensions.
This plugin tries to GET "http://www.target.com/_vti_inf.html". It ensures that frontpage server extensions are installed. This file contains the version of the Frontpage extensions and the path on the server where the extensions are located. This could be used as an information gathering technique for other attacks.
* References:
http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html |
| Recommendation |
If you do not require the functionality provided by FrontPage Server Extensions, remove all the files associated with FrontPage Server Extensions. or you should double check the configuration since a lot of security problems have been found with FrontPage when the configuration file is not well set up. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
