Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html.
Remove the /IISSamples virtual directory using the Internet Services Manager. If for some reason this is not possible, removing the following ASP script will fix the problem: This path assumes that you installed IIS in c:\inetpub c:\inetpub\iissamples\sdk\asp\docs\CodeBrws.asp
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)