Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
Medium Nessus Plugin ID 10405
SynopsisThe remote web server has an information disclosure vulnerability.
DescriptionThe version of FrontPage Extensions running on the remote host has an information disclosure vulnerability. Using a non-existent file as an argument to the 'shtml.exe' CGI reveals the local absolute path of the web root. A remote attacker could use this information to mount further attacks.
SolutionUpgrade to FrontPage Server Extensions SR1.2 or later.