Summary
A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.
Solution
Always remove sample applications from production servers.
In this case, remove the entire /iissamples folder.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Session Fixation Vulnerability (Windows)
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
- Lil' HTTP Server Cross Site Scripting Vulnerability
- GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability