Copyright (C) 2000-2014 John Lampe <firstname.lastname@example.org>
The remote web server is affected by an information disclosure
The file bdir.htr is a default IIS files which can give a malicious
user a lot of unnecessary information about your file system.
Specifically, the 'bdir.htr' script allows the user to browser and
create files on hard drive. As this includes critical system files, it
is highly possible that the attacker will be able to use this script
to escalate privileges and gain 'Administrator' access.
If you do not need these files, then delete them, otherwise use
suitable access control lists to ensure that the files are not
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Family: Web Servers
Nessus Plugin ID: 10577 (iis_bdir.nasl)
Bugtraq ID: 2280
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.