Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure
medium Nessus Plugin ID 10573
Synopsis
The remote web server is affected by an information disclosure vulnerability.Description
A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.Solution
Always remove sample applications from productions servers. In this case, remove the entire /iissamples folder.Plugin Details
Severity: Medium
ID: 10573
File Name: iis5_sample_path.nasl
Version: 1.27
Type: remote
Family: Web Servers
Published: 5/22/2002
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:iis
Required KB Items: Settings/ParanoidReport, www/ASP
Vulnerability Publication Date: 1/1/2000