IIS Detailed Error Information Disclosure

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server has an information disclosure vulnerability.

Description :

The remote web server is improperly configured to deliver detailed
error messages. These detailed error messages may contain confidential
diagnostic information, such as the file system paths to hosted content
and logon information.

See also :

http://www.nessus.org/u?90427c4a
http://www.nessus.org/u?f6006cd8
http://www.iis.net/ConfigReference/system.webServer/httpErrors

Solution :

Configure the IIS server to deliver custom rather than detailed error
messages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 58363 ()

Bugtraq ID:

CVE ID: