Summary
The Sample SQL Query CGI is present.
The sample lets anyone craft a query that retrieves the contents of directories on the local server.
Solution
Use Microsoft's Secure IIS Guide (for IIS 4.0 or IIS 5.0, respectively) or Microsoft's IIS Lockdown tool to remove the IIS samples.
Additional information:
- http://www.securiteam.com/tools/5QP0N1F55Q.html (IIS Lockdown)
- http://www.securiteam.com/windowsntfocus/5HP05150AQ.html (Secure IIS 4.0)
- http://www.securiteam.com/windowsntfocus/5RP0D1F4AU.html (Secure IIS 5.0)
Severity
Classification
- CVE: CVE-2001-0986
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Allaire JRun directory browsing vulnerability