Description

The HTML comments of this page contain configuration information for Microsoft FrontPage Server Extensions. The configuration information includes the FrontPage version and may help an attacker to learn more about his target.

Remediation

It's recommended to restrict access to this file.

References

OWASP - Information Disclosure

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

[MC-FPSEWM]: FrontPage Server Extensions: Website Management Protocol

Related Vulnerabilities

Virtual Host locations misconfiguration

WordPress Plugin wp superb Slideshow Information Disclosure (2.4)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Information Disclosure (2.0.07)

JBoss ServerInfo MBean

Apache balancer-manager application publicly accessible

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration