Microsoft IIS perl.exe HTTP Path Disclosure

medium Nessus Plugin ID 10120

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

It was possible to obtain the physical location of a virtual web directory of this host by issuing a request for a non-existent file with an ISAPI-registered extension.

An attacker may use this flaw to learn more about the remote host and so mount more focused attacks.

Solution

Configure the web server to check for the existence of a file before it returns an error message.

Plugin Details

Severity: Medium

ID: 10120

File Name: iis_perl_problem.nasl

Version: 1.41

Type: remote

Family: Web Servers

Published: 6/22/1999

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/22/1999

Reference Information

CVE: CVE-1999-0450

BID: 194