Summary
A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.
Solution
Always remove sample applications from production servers.
In this case, remove the entire /iissamples folder.
Severity
Classification
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)