Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft IIS viewcode.asp Arbitrary File Access

Medium

Synopsis

The file viewcode.asp is a default IIS file which can give a malicious user information about your file system or source files.

Description

The file viewcode.asp is a default IIS file which can give a malicious user information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a web server's hard drive.

Solution

Delete the file if not needed or use suitable access control lists to ensure that the file is not world readable.