IIS Detailed Error Information Disclosure

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server has an information disclosure vulnerability.

Description :

The remote Microsoft IIS web server is improperly configured to
deliver detailed error messages. These detailed error messages may
contain confidential diagnostic information, such as the file system
paths to hosted content and logon information.

See also :

http://www.nessus.org/u?90427c4a
http://www.nessus.org/u?f6006cd8
http://www.iis.net/ConfigReference/system.webServer/httpErrors

Solution :

Configure the IIS server to deliver custom rather than detailed error
messages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 58363 ()

Bugtraq ID:

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial