Description

Microsoft Internet Information Services (IIS) installs a file named service.cnf. This file may contain sensitive information, which could allow a remote attacker to launch further attacks.

Remediation

Remove the service.cnf file from the web server or restrict access to this file.

References

Microsoft Internet Information Services Web page

Related Vulnerabilities

WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)

WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)

WordPress Plugin Gravity Forms Information Disclosure (2.4.8)

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Information Disclosure