Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)

medium Nessus Plugin ID 19596

Synopsis

The remote host has an application that is affected by a source code disclosure vulnerability.

Description

There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file, when the files are stored on a FAT partition.

ASP source code can contain sensitive information such as username's and passwords for ODBC connections.

Solution

Install the remote web server on a NTFS partition

See Also

http://www.nessus.org/u?81d0b19f

Plugin Details

Severity: Medium

ID: 19596

File Name: translate_f_51.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 9/8/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Patch Publication Date: 8/14/2000

Vulnerability Publication Date: 8/15/2000

Reference Information

CVE: CVE-2000-0778

BID: 14764