Copyright (C) 2000-2014 John Lampe <[email protected]>
The remote web server is affected by an information disclosure
The file bdir.htr is a default IIS file that can give a malicious
user a lot of unnecessary information about your file system.
Specifically, the 'bdir.htr' script allows the user to browse and
create files on the hard drive. As this includes critical system files, it
is highly possible that the attacker will be able to use this script
to escalate privileges and gain 'Administrator' access.
If you do not need these files, delete them; otherwise, use
suitable access control lists to ensure that the files are not
Risk factor: Medium / CVSS Base Score: 5.0
CVSS Temporal Score: 5.0