IIS 5.0 Sample App Reveals Physical Path Of Web Root Network Vulnerability

Summary

A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.

Solution

Always remove sample applications from productions servers. In this case, remove the entire /iissamples folder.

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
IIS 5.0 Sample App reveals physical path of web root
HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
IBM WebSphere Application Server Administration Directory Traversal Vulnerability
Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)

Take action and discover your vulnerabilities