Microsoft IIS FrontPage Extensions Detection

high Nessus Network Monitor Plugin ID 2180

Synopsis

The remote host is running Microsoft IIS with FrontPage Extensions.

Description

The remote host is running Microsoft IIS with FrontPage Extensions.

Solution

Ensure that you are running a fully patched version of FrontPage and that access to the FrontPage application is limited to authorized developers and/or administrators.

Plugin Details

Severity: High

ID: 2180

Family: Web Servers

Published: 8/30/2004

Updated: 3/6/2019

Nessus ID: 11923

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:frontpage_server_extensions

Exploitable With

CANVAS (CANVAS)

Metasploit (Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow)

Reference Information

CVE: CVE-2003-0822, CVE-2003-0824

BID: 9007, 9008