Description

The HTML comments of this page contain configuration information for Microsoft FrontPage Server Extensions. The configuration information includes the FrontPage version and may help an attacker to learn more about his target.

Remediation

It's recommended to restrict access to this file.

References

OWASP - Information Disclosure

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

[MC-FPSEWM]: FrontPage Server Extensions: Website Management Protocol

Related Vulnerabilities

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19)

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)

Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)

WordPress Plugin Slack-Chat Information Disclosure (1.5.5)

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration