Microsoft IIS Cookie information disclosure
Medium Nessus Plugin ID 12229
Synopsis
The remote web server is affected by an information disclosure vulnerability.
Description
The remote host is running Microsoft IIS and appears to be vulnerable to a disclosure of cookie usage. When sent a cookie containing the '=' character, Microsoft IIS will either respond with an error (if the cookie is actually processed by a specific ASP page) or disclose information about the .inc file used. This can be used to map applications that process cookies.
Solution
Configure IIS to return custom error pages.
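
To confirm the fix took effect, the error responses the server returns can be reviewed for leftover include-file references or default ASP error text. The following is an added example, not part of the plugin or of Nessus; the regex signatures, function names and both sample responses are assumptions constructed for illustration.

```python
import re

# Assumption: signatures of default (non-custom) IIS/ASP error output, chosen
# for this example; the advisory itself lists no exact strings.
INC_REF = re.compile(r"[\w./\\-]+\.inc\b", re.IGNORECASE)
ASP_ERROR = re.compile(
    r"(Microsoft VBScript \w+ error|Active Server Pages|error '[0-9a-f]{8}')",
    re.IGNORECASE,
)

# Constructed sample responses (not captured from a real server).
LEAKY = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/html\r\n\r\n"
    "Microsoft VBScript runtime error '800a000d'\r\n"
    "Type mismatch\r\n"
    "/shop/include/session.inc, line 14\r\n"
)
CUSTOM = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>Something went wrong. Reference: 7f3a</body></html>\r\n"
)


def split_response(raw):
    """Split a raw HTTP response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    return int(parts[1]), body


def review_response(raw):
    """Return findings for one response; an empty list means nothing leaked."""
    status, body = split_response(raw)
    # Every include-file name or path visible to the client is a finding.
    findings = [("include-file", m.group(0)) for m in INC_REF.finditer(body)]
    # Default ASP error text means the custom error page is not being served.
    if ASP_ERROR.search(body):
        findings.append(("detailed-asp-error", str(status)))
    return findings


if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("custom", CUSTOM)):
        print(name, review_response(raw))
```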