IIS Detailed Error Information Disclosure

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server has an information disclosure vulnerability.

Description :

The remote Microsoft IIS web server is improperly configured to
deliver detailed error messages. These detailed error messages may
contain confidential diagnostic information, such as the file system
paths to hosted content and logon information.

See also :

http://www.nessus.org/u?90427c4a
http://www.nessus.org/u?f6006cd8
http://www.iis.net/ConfigReference/system.webServer/httpErrors

Solution :

Configure the IIS server to deliver custom rather than detailed error
messages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 58363 ()

Bugtraq ID:

CVE ID: