Description

Microsoft Internet Information Services (IIS) installs a file named service.cnf. This file may contain sensitive information, which could allow a remote attacker to launch further attacks.

Remediation

Remove the service.cnf file from the web server or restrict access to this file.

References

Microsoft Internet Information Services Web page

Related Vulnerabilities

FireStats Arbitrary File Download (1.6.5)

Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

Memphis Documents Library Arbitrary File Download (3.1.5)

SharePoint exposed web services

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Information Disclosure