Microsoft IIS perl.exe HTTP Path Disclosure

Medium Nessus Plugin ID 10120


The remote web server is affected by an information disclosure vulnerability.


It was possible to obtain the physical location of a virtual web directory of this host by issuing a request for a non-existent file with an IISAPI-registered extension.

An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks.


Configure the web server to check for the existence of a file before it returns an error message.

Plugin Details

Severity: Medium

ID: 10120

File Name: iis_perl_problem.nasl

Version: $Revision: 1.37 $

Type: remote

Family: Web Servers

Published: 1999/06/22

Modified: 2011/06/01

Dependencies: 11919, 10582, 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Vulnerability Publication Date: 1999/01/22

Reference Information

CVE: CVE-1999-0450

BID: 194