Description

Microsoft Internet Information Services (IIS) installs a file named service.cnf. This file may contain sensitive information, which could allow a remote attacker to launch further attacks.

Remediation

Remove the service.cnf file from the web server or restrict access to this file.

References

Microsoft Internet Information Services Web page

Related Vulnerabilities

WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)

Stack Trace Disclosure (Grails)

PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)

WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure