Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html.
Remove the /IISSamples virtual directory using the Internet Services Manager. If for some reason this is not possible, removing the following ASP script will fix the problem: This path assumes that you installed IIS in c:\inetpub c:\inetpub\iissamples\sdk\asp\docs\CodeBrws.asp
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
- GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- IBM WebSphere Application Server Multiple CSRF Vulnerabilities
- IBM WebSphere Application Server Administration Console DoS vulnerability