Microsoft IIS Translate f: ASP/ASA Source Disclosure

medium Nessus Plugin ID 10491

Synopsis

The remote web server is affected by an information disclosure flaw.

Description

There is a serious vulnerability in Windows 2000 (unpatched by SP1) that allows an attacker to view ASP/ASA source code instead of the processed file. ASP source code can contain sensitive information such as usernames and passwords for ODBC connections.

Solution

Install Windows 2000 Service Pack 1 or later.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-058

Plugin Details

Severity: Medium

ID: 10491

File Name: translate_f.nasl

Version: 1.40

Type: remote

Family: CGI abuses

Published: 8/23/2000

Updated: 5/28/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 8/14/2000

Vulnerability Publication Date: 8/15/2000

Reference Information

CVE: CVE-2000-0778

BID: 1578