|
|
|||
| Rule General Information |
|---|
| Release Date: | 2013-06-27 | |
| Rule Name: | Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerability -1 (CVE-2002-1717) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Microsoft Internet Information Server (IIS) version 5.1 can reveal file contents. If a remote attacker sends a specially-crafted GET request containing "dot dot" sequences (/../) to the server for one of the .cnf files in the /_vti_pvt/ directory, the attacker can cause the server to return the contents of the requested file. | |
| Impact: | This vulnerability affects an unknown function of the file /_vti_pvt/access.cnf of the component GET Request Handler. The manipulation with an unknown input leads to a information disclosure vulnerability (Path). | |
| Affected OS: | Windows | |
| Reference: | CVE-2002-1717 SecurityFocusBID:4078 |
|
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |