| VID |
27068 |
| Severity |
40 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
By default, IIS 4.0 and 5.0 installations create a virtual directory called / issadmpwd, which contains an .HTR file that allows you to change passwords through a web server. If these features are not needed, you should remove / issadmpwd and delete all files and directories related to IIS Admin to reduce the other vulnerabilities.
* Platforms Affected:
Microsoft IIS Server |
| Recommendation |
¡á IIS 5.0 only
1. Start> Run> INETMGR> website> Remove IISAdmin, IISAdminpwd |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
