Detections
Analytics

Microsoft IIS ASP::$DATA ASP Source Disclosure

medium Nessus Plugin ID 10362

Language:

Synopsis

The remote web server is affected by an information disclosure flaw.

Description

It is possible to get the source code of a remote ASP script by appending '::$DATA' to the end of the request. ASP source code may contain sensitive information such as logins, passwords and server information.

Solution

Apply the hotfixes referenced in the vendor advisory above.

See Also

http://www.nessus.org/u?717a789b

Plugin Details

Severity: Medium

ID: 10362

File Name: asp_source_data.nasl

Version: 1.41

Type: remote

Family: Web Servers

Published: 4/10/2000

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:internet_information_server

Required KB Items: www/ASP

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 7/1/1998

Reference Information

CVE: CVE-1999-0278

BID: 149

MSFT: MS98-003

MSKB: 188806