This script is Copyright (C) 2000-2013 Filipe Custodio
The remote IIS web server is missing a security patch.
The remote version of IIS is affected by two vulnerabilities :
- An information disclosure issue allows a remote attacker
to obtain the real pathname of the document root by
requesting nonexistent files with .ida or .idq
- An argument validation issue in the WebHits component lets
a remote attacker read arbitrary files on the remote
The path disclosure issue has been reported to affect Microsoft Index
Server as well.
See also :
Microsoft released a patch for Windows 2000.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Family: Web Servers
Nessus Plugin ID: 10492 (iis_anything_idq.nasl)
Bugtraq ID: 1065
CVE ID: CVE-2000-0071CVE-2000-0098CVE-2000-0302
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.