icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Microsoft IIS viewcode.asp Arbitrary File Access

Medium

Synopsis

The file viewcode.asp is a default IIS file that can give a malicious user information about your file system or source files.

Description

The file viewcode.asp is a default IIS file that can give a malicious user information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a web server's hard drive.

Solution

Delete the file if not needed or use suitable access control lists to ensure that the files are not world readable.