IIS Detailed Error Information Disclosure

medium Nessus Plugin ID 58363

Synopsis

The remote web server has an information disclosure vulnerability.

Description

The remote Microsoft IIS web server is improperly configured to deliver detailed error messages. These detailed error messages may contain confidential diagnostic information, such as the file system paths to hosted content and logon information.

Solution

Configure the IIS server to deliver custom rather than detailed error messages.
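A check for the setting described above, as an added example that is not part of the Nessus plugin: it reads the `errorMode` attribute of `<httpErrors>` in a site's `web.config`, including per-path `<location>` overrides, and flags `Detailed`, the value that sends detailed errors to remote clients. The function name and both sample configurations are constructed for illustration, and inheritance from `applicationHost.config` is not resolved.

```python
import xml.etree.ElementTree as ET

# IIS default when errorMode is absent: detailed errors for local requests only.
DEFAULT_MODE = "DetailedLocalOnly"

# Constructed sample: detailed errors site-wide, custom errors under /api.
SAMPLE_WEAK = """<configuration>
  <system.webServer>
    <httpErrors errorMode="Detailed" />
  </system.webServer>
  <location path="api">
    <system.webServer>
      <httpErrors errorMode="Custom" />
    </system.webServer>
  </location>
</configuration>"""

# Constructed sample: the same file with the corrected setting.
SAMPLE_FIXED = SAMPLE_WEAK.replace('errorMode="Detailed"', 'errorMode="Custom"')


def audit_http_errors(config_xml):
    """Return (scope, errorMode, exposed_to_remote) per <httpErrors> element.

    Hypothetical helper: only looks at the web.config text it is given.
    """
    root = ET.fromstring(config_xml)
    # The site-wide section, then every per-path <location> override.
    scopes = [("(site root)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    findings = []
    for scope, node in scopes:
        for el in node.findall("system.webServer/httpErrors"):
            mode = el.get("errorMode", DEFAULT_MODE)
            # Only "Detailed" serves detailed errors to remote clients.
            findings.append((scope, mode, mode == "Detailed"))
    return findings


if __name__ == "__main__":
    for name, xml in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        for scope, mode, exposed in audit_http_errors(xml):
            status = "FAIL" if exposed else "ok"
            print(f"{name}: {scope}: errorMode={mode} [{status}]")
```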

See Also

http://www.nessus.org/u?90427c4a

http://www.nessus.org/u?7a15db6e

http://www.iis.net/ConfigReference/system.webServer/httpErrors

Plugin Details

Severity: Medium

ID: 58363

File Name: iis_detailed_error.nasl

Version: 1.7

Type: remote

Family: Web Servers

Published: 3/16/2012

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: www/iis

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true