Summary
The file viewcode.asp is a default IIS file that can give a malicious user a lot of unnecessary information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a web server's hard drive.
Example:
http://target/pathto/viewcode.asp?source=../../../../../../autoexec.bat
Solution
If you do not need these files, delete them; otherwise, use suitable access control lists to ensure that the files are not world-readable.
Severity
Classification
- CVE: CVE-1999-0737
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
- Acritum Femitter Server URI Directory Traversal Vulnerability
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- Ecava IntegraXor Account Information Disclosure Vulnerability
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities