Microsoft FrontPage Insecure Extension Configuration

medium Web Application Scanning Plugin ID 112772

Synopsis

Microsoft FrontPage Insecure Extension Configuration

Description

An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the _vti_pvt directory.

Solution

Restrict public access to web services or sensitive resources in the _vti_bin & _vti_pvt directories.
If possible, upgrade to the latest version of FrontPage Extensions.

See Also

https://beaglesecurity.com/blog/vulnerability/insecure-frontpage-extensions-configuration-found.html

Plugin Details

Severity: Medium

ID: 112772

Type: remote

Published: 5/12/2021

Updated: 11/26/2021

Scan Template: scan, pci

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:M/Au:N/C:P/I:C/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*

Reference Information