Microsoft IIS /iisadmin Unrestricted Access
Low Nessus Plugin ID 10358
Synopsis: The remote web server is affected by a privilege escalation vulnerability.
Description: When Microsoft Internet Information Server (IIS) 4.0 is upgraded from version 2.0 or 3.0, the ism.dll file is left in the /scripts/iisadmin directory. This script discloses sensitive information via a specially crafted URL, which could lead to elevated privileges. An attacker could use this to gain access to the administrator's password.
Solution: Restrict access to /iisadmin through the IIS ISM.