Microsoft IIS/PWS %2e Request ASP Source Disclosure

medium Nessus Plugin ID 10363

Synopsis

The remote web server is affected by an information disclosure flaw.

Description

It is possible to get the source code of a remote ASP script by appending '%2e' to the end of the request. ASP source code usually contains sensitive information such as logins and passwords.

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 10363

File Name: asp_source_dot.nasl

Version: 1.35

Type: remote

Family: Web Servers

Published: 4/10/2000

Updated: 6/29/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/ASP

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 3/19/1997

Reference Information

CVE: CVE-1999-0253

BID: 1814

Detections

Analytics