Detections
Analytics
Microsoft IIS Translate f: ASP/ASA Source Disclosure
medium Nessus Plugin ID 10491
Language:
Synopsis
The remote web server is affected by an information disclosure flaw.Description
There is a serious vulnerability in Windows 2000 (unpatched by SP1) that allows an attacker to view ASP/ASA source code instead of a processed file. SP source code can contain sensitive information such as usernames and passwords for ODBC connections.Solution
Install Windows 2000 Service Pack 1 or later.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-058
Plugin Details
Severity: Medium
ID: 10491
File Name: translate_f.nasl
Version: 1.39
Type: remote
Family: CGI abuses
Published: 8/23/2000
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:iis
Exploit Ease: No exploit is required
Patch Publication Date: 8/14/2000
Vulnerability Publication Date: 8/15/2000
Reference Information
CVE: CVE-2000-0778
BID: 1578