MS00-006: Microsoft IIS IDA/IDQ Multiple Vulnerabilities (uncredentialed check)
Medium Nessus Plugin ID 10492
SynopsisThe remote IIS web server is missing a security patch.
DescriptionThe remote version of IIS is affected by two vulnerabilities :
- An information disclosure issue allows a remote attacker to obtain the real pathname of the document root by requesting nonexistent files with .ida or .idq extensions.
- An argument validation issue in the WebHits component lets a remote attacker read arbitrary files on the remote server.
The path disclosure issue has been reported to affect Microsoft Index Server as well.
SolutionMicrosoft released a patch for Windows 2000.