IIS IDA/IDQ Path Disclosure Network Vulnerability

Summary

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks.

Solution

Select 'Preferences ->Home directory ->Application', and check the checkbox 'Check if file exists' for the ISAPI mappings of your server.

Severity

Classification

CVE CVE-2000-0071

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
Codebrws.asp Source Disclosure Vulnerability
Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
Apache Tomcat Hash Collision Denial Of Service Vulnerability
Apache Tomcat Multiple Vulnerabilities January 2010

Take action and discover your vulnerabilities