Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure

Medium Nessus Plugin ID 10956


Some files may be read on the remote host.


Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html.


Apply the patch referenced above.

See Also

Plugin Details

Severity: Medium

ID: 10956

File Name: iis_codebrws.nasl

Version: $Revision: 1.22 $

Type: remote

Family: Web Servers

Published: 2002/05/22

Modified: 2017/08/30

Dependencies: 10107, 11919, 10386, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: www/ASP

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1999/05/07

Reference Information

CVE: CVE-1999-0739

BID: 167

OSVDB: 782

MSFT: MS99-013

MSKB: 231368, 231656