Microsoft FrontPage Insecure Extension Configuration

medium Web App Scanning Plugin ID 112772

Synopsis

Microsoft FrontPage Insecure Extension Configuration

Description

An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the _vti_pvt directory.

Solution

Restrict public access to web services or sensitive resources in the _vti_bin & _vti_pvt directories.
If possible, upgrade to the latest version of FrontPage Extensions.

See Also

https://beaglesecurity.com/blog/vulnerability/insecure-frontpage-extensions-configuration-found.html

Plugin Details

Severity: Medium

ID: 112772

Type: remote

Published: 5/12/2021

Updated: 11/26/2021

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*

Reference Information