Nessus Plugin #10991
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
IIS Global.asa Retrieval
- Family:
- CGI abuses
- Category:
- attack
- Copyright:
- This script is Copyright (C) 2001 Digital Defense Inc.
- Summary:
- Tries to retrieve the global.asa file
- Version:
- $Revision: 1.10 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- -
- Description:
This host is running the Microsoft IIS web server. This web server contains
a configuration flaw that allows the retrieval of the global.asa file.
This file may contain sensitive information such as database passwords,
internal addresses, and web application configuration options. This
vulnerability may be caused by a missing ISAPI map of the .asa extension
to asp.dll.
Solution:
To restore the .asa map:
Open Internet Services Manager. Right-click on the affected web server and choose Properties
from the context menu. Select Master Properties, then Select WWW Service --> Edit --> Home
Directory --> Configuration. Click the Add button, specify C:\winnt\system32\inetsrv\asp.dll
as the executable (may be different depending on your installation), enter .asa as the extension,
limit the verbs to GET,HEAD,POST,TRACE, ensure the Script Engine box is checked and click OK.
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.