| VID |
27070 |
| Severity |
10 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
Because unused script mapping threatens security, you should delete mapping file after checking with developer. Extensions like .asp, .shtm are mapped with specific DLL, and processed by dll. So When you delete unused mapping, It helps security. Especially .ida, .idc, .idq, .printer, .htr, .htw extensions are vulnerable to buffer overflow attack, so We recommend to delete these extensions.
* Platforms Affected:
Microsoft IIS Server |
| Recommendation |
¡á IIS 5.0, 6.0
1. Start> Run> INETMGR> Website> Select website> Properties> Home Directory> Configurations
2. Remove below items in Mapping
(.asp, .htr, .stm, .shtm, .shtml, .printer, .htw, .ida, .idq, .htw)
¡á IIS 7.0
1. Start> Run> INETMGR> Website> Select website> Processor Mapping
2. Remove below items in Mapping
(.htr, .idc, .stm, .shtm, .shtml, .printer, .htw, .ida, .idq) |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
