Description

The HTML comments of this page contain configuration information for Microsoft FrontPage Server Extensions. The configuration information includes the FrontPage version and may help an attacker to learn more about his target.

Remediation

It's recommended to restrict access to this file.

References

OWASP - Information Disclosure

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

[MC-FPSEWM]: FrontPage Server Extensions: Website Management Protocol

Related Vulnerabilities

Nginx memory disclosure with specially crafted HTTP backend responses

WordPress Plugin Welcart e-Commerce Information Disclosure (2.2.7)

WordPress Plugin WooCommerce Information Disclosure (4.5.2)

WordPress Plugin Transposh WordPress Translation Multiple Vulnerabilities (1.0.8.1)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3426)

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration