Summary
There is a serious vulnerability in Windows 2000 (unpatched by SP1) that allows an attacker to view ASP/ASA source code instead of a processed file.
ASP source code can contain sensitive information such as username's and passwords for ODBC connections.
Solution
install all the latest Microsoft Security Patches (Note: This vulnerability is eliminated by installing Windows 2000 Service Pack 1)
Severity
Classification
-
CVE CVE-2000-0778 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability