Microsoft IIS Multiple .cnf File Information Disclosure
Medium Nessus Plugin ID 10575
Synopsis
The remote web server is affected by an information disclosure vulnerability.

Description
The IIS web server may allow a remote user to retrieve its installation path via GET requests to the files 'access.cnf', 'botinfs.cnf', 'bots.cnf' or 'linkinfo.cnf' in the '/_vti_pvt' directory. This is not the default configuration.

Solution
If you do not need .cnf files, then delete them. Otherwise use suitable access control lists to ensure that the .cnf files are not world-readable by anonymous users.
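
A log check to confirm the fix, as an added example that is not part of the Nessus plugin: it scans IIS W3C extended log lines for GET requests to the four .cnf files under '/_vti_pvt' and marks which ones the server answered with status 200. The log lines and client addresses are constructed, and the column layout is read from the log's own #Fields header.

```python
from urllib.parse import unquote

# The four files named in the description above.
CNF_FILES = {"access.cnf", "botinfs.cnf", "bots.cnf", "linkinfo.cnf"}

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:00 192.0.2.10 GET /index.htm 200
2024-01-01 10:00:05 198.51.100.7 GET /_vti_pvt/access.cnf 200
2024-01-01 10:00:06 198.51.100.7 GET /_VTI_PVT/Linkinfo.cnf 403
2024-01-01 10:00:07 198.51.100.7 GET /_vti_pvt/service.cnf 200
2024-01-01 10:00:08 203.0.113.4 HEAD /_vti_pvt/bots.cnf 200
"""

def find_cnf_requests(lines):
    """Return (c-ip, uri, status, served) for each GET of a listed .cnf file."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order can change mid-file; always use the latest header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "GET":
            continue
        # IIS paths are case-insensitive; normalise before matching.
        stem = unquote(row.get("cs-uri-stem", "")).lower().replace("\\", "/")
        parts = [p for p in stem.split("/") if p]
        if len(parts) < 2 or parts[-2] != "_vti_pvt" or parts[-1] not in CNF_FILES:
            continue
        status = row.get("sc-status", "")
        # served=True means the file content (and the path in it) went out.
        hits.append((row.get("c-ip", "-"), stem, status, status == "200"))
    return hits

if __name__ == "__main__":
    for ip, uri, status, served in find_cnf_requests(SAMPLE_LOG.splitlines()):
        print(f"{ip} {uri} status={status} {'DISCLOSED' if served else 'blocked'}")
```

After deleting the files or tightening the ACLs, later log entries for these paths should no longer show status 200.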