Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure

Medium Nessus Plugin ID 10573


The remote web server is affected by an information disclosure vulnerability.


A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.


Always remove sample applications from productions servers. In this case, remove the entire /iissamples folder.

Plugin Details

Severity: Medium

ID: 10573

File Name: iis5_sample_path.nasl

Version: $Revision: 1.24 $

Type: remote

Family: Web Servers

Published: 2002/05/22

Modified: 2014/05/26

Dependencies: 11919, 10107, 10386, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: Settings/ParanoidReport, www/ASP

Vulnerability Publication Date: 2000/01/01

Reference Information

OSVDB: 471