Microsoft IIS UNC Mapped Virtual Host Source Disclosure

low Nessus Network Monitor Plugin ID 1583

Synopsis

The IIS web server allows the retrieval of ASP/HTR source code.

Description

The IIS web server allows the retrieval of ASP/HTR source code. An attacker can use this vulnerability to see how your pages interact and find holes in them to exploit.

Solution

Install the latest patches from Microsoft.

Plugin Details

Severity: Low

ID: 1583

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11443

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:internet_information_server

Reference Information

CVE: CVE-2000-0246

BID: 1081