Description

Microsoft Internet Information Services (IIS) installs a file named service.cnf. This file may contain sensitive information, which could allow a remote attacker to launch further attacks.

Remediation

Remove the service.cnf file from the web server or restrict access to this file.

References

Microsoft Internet Information Services Web page

Related Vulnerabilities

SAP ICF /sap/public/info sensitive information disclosure

WordPress Plugin Helpful Information Disclosure (4.5.25)

Adminer 4.6.2 file disclosure vulnerability

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

Laravel log file publicly accessible

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure