Description

The HTML comments of this page contain configuration information for Microsoft FrontPage Server Extensions. The configuration information includes the FrontPage version and may help an attacker to learn more about his target.

Remediation

It's recommended to restrict access to this file.

References

OWASP - Information Disclosure

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

[MC-FPSEWM]: FrontPage Server Extensions: Website Management Protocol

Related Vulnerabilities

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-0701)

Possible virtual host found

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration