Microsoft IIS Multiple .cnf File Information Disclosure

medium Nessus Plugin ID 10575

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The IIS web server may allow a remote user to retrieve its installation path via GET requests to the files 'access.cnf', 'botinfs.cnf', 'bots.cnf' or 'linkinfo.cnf' in the '/_vti_pvt' directory. This is not the default configuration.

Solution

If you do not need .cnf files, then delete them. Otherwise use suitable access control lists to ensure that the .cnf files are not world-readable by anonymous users.

See Also

https://seclists.org/bugtraq/2002/Feb/174

Plugin Details

Severity: Medium

ID: 10575

File Name: iis_dot_cnf.nasl

Version: 1.46

Type: remote

Family: Web Servers

Published: 12/11/2000

Updated: 5/28/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/11/2002

Reference Information

CVE: CVE-2002-1717

BID: 4078