Description

The HTML comments of this page contain configuration information for Microsoft FrontPage Server Extensions. The configuration information includes the FrontPage version and may help an attacker to learn more about his target.

Remediation

It's recommended to restrict access to this file.

References

OWASP - Information Disclosure

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

[MC-FPSEWM]: FrontPage Server Extensions: Website Management Protocol

Related Vulnerabilities

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Multiple Vulnerabilities (3.1.1)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5497)

WordPress Plugin AlertWire Information Disclosure (1.1.1)

WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)

WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration