Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ASP/ASA Source Using Microsoft Translate f: bug (IIS 5.1)

Medium

Synopsis

The remote web server can disclose source code.

Description

There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file when the files are stored on a FAT partition. ASP source code can contain sensitive information such as usernames and passwords for ODBC connections.

Solution

Install the remote web server on a NTFS partition.