Microsoft IIS ASP::$DATA ASP Source Disclosure

Medium Nessus Plugin ID 10362


The remote web server is affected by an information disclosure flaw.


It is possible to get the source code of a remote ASP script by appending '::$DATA' to the end of the request. ASP source code may contain sensitive information such as logins, passwords and server information.


Apply the hotfixes referenced in the vendor advisory above.

See Also

Plugin Details

Severity: Medium

ID: 10362

File Name: asp_source_data.nasl

Version: $Revision: 1.37 $

Type: remote

Family: Web Servers

Published: 2000/04/10

Modified: 2017/08/30

Dependencies: 11919, 67257, 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/ASP

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 1998/07/01

Reference Information

CVE: CVE-1999-0278

BID: 149

OSVDB: 276

MSFT: MS98-003

MSKB: 188806