Your IIS webserver allows the retrieval of ASP/HTR source code. An attacker can use this vulnerability to see how your pages interact and find holes in them to exploit.