IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks.
Select 'Preferences ->Home directory ->Application', and check the checkbox 'Check if file exists' for the ISAPI mappings of your server.
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
- Check for IIS .cnf file leakage