Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html.
Remove the /IISSamples virtual directory using the Internet Services Manager. If for some reason this is not possible, removing the following ASP script will fix the problem: This path assumes that you installed IIS in c:\inetpub c:\inetpub\iissamples\sdk\asp\docs\CodeBrws.asp
- IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- IBM WebSphere Application Server Multiple Vulnerabilities
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability