Microsoft IIS perl.exe HTTP Path Disclosure
Medium Nessus Plugin ID 10120
SynopsisThe remote web server is affected by an information disclosure vulnerability.
DescriptionIt was possible to obtain the physical location of a virtual web directory of this host by issuing a request for a non-existent file with an IISAPI-registered extension.
An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks.
SolutionConfigure the web server to check for the existence of a file before it returns an error message.