Intrusion Prevention

MS.IIS.Configuration.File.Information.Disclosure

Description

It indicates a potential path disclosure vulnerability in Microsoft Internet Information Service (IIS).
IIS 5.1 web server may have a vulnerability that allows remote users to access sensitive system information from configuration (.cnf) files by submitting a specially-crafted request.

Affected Products

Any unprotected IIS 5.1 is vulnerable to the attack.

Impact

Attackers can gain sensitive information on the victim system.

Recommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

Other References

1