Microsoft IIS WebHits null.htw .asp Source Disclosure

Medium Nessus Plugin ID 10356


The remote web server is affected by an information disclosure vulnerability.


It is possible to get the source code of ASP scripts by issuing a specially crafted request.

ASP source codes usually contain sensitive information such as usernames and passwords.


Apply the patches referenced above.

See Also

Plugin Details

Severity: Medium

ID: 10356

File Name: ms_index_server.nasl

Version: $Revision: 1.42 $

Type: remote

Family: Web Servers

Published: 2000/04/01

Modified: 2017/08/30

Dependencies: 11919, 10107, 67257, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/ASP

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/01/27

Reference Information

CVE: CVE-2000-0097, CVE-2000-0302

BID: 950, 1084

OSVDB: 271, 1210

MSFT: MS00-006

MSKB: 251170, 252463