Vulners
Lucene search
Microsoft IIS global.asa Remote Information Disclosure
#%NASL_MIN_LEVEL 70300
#
# This script was written by H D Moore
#
# Changes by Tenable:
# - Revised plugin title (1/08/2009)
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(10991);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
# script_cve_id("CVE-MAP-NOMATCH");
# NOTE: reviewed, and no CVE id currently assigned (jfs, december 2003)
script_name(english: "Microsoft IIS global.asa Remote Information Disclosure");
script_summary(english: "Tries to retrieve the global.asa file");
script_set_attribute(attribute:"synopsis", value:
"The remote web server leaks sensitive information." );
script_set_attribute(attribute:"description", value:
"This host is running the Microsoft IIS web server. This web server
contains a configuration flaw that allows the retrieval of the
global.asa file.
This file may contain sensitive information such as database
passwords, internal addresses, and web application configuration
options. This vulnerability may be caused by a missing ISAPI map of
the .asa extension to asp.dll." );
script_set_attribute(attribute:"solution", value:
"To restore the .asa map :
- Open Internet Services Manager.
- Right-click on the affected web server and choose
Properties from the context menu.
- Select Master Properties, then Select WWW Service -->
Edit --> Home Directory --> Configuration.
- Click the Add button
- Specify C:\winnt\system32\inetsrv\asp.dll as the
executable (may be different depending on your
installation),
- Enter .asa as the extension,
- Limit the verbs to GET,HEAD,POST,TRACE,
- Ensure the Script Engine box is checked and
- Click OK." );
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_publication_date", value:
"2002/06/05");
script_set_attribute(attribute:"vuln_publication_date", value: "2003/12/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_ATTACK);
script_copyright(english:"This script is Copyright (C) 2001-2021 Digital Defense Inc.");
script_family(english: "CGI abuses");
script_dependencie("find_service1.nasl", "http_version.nasl", "www_fingerprinting_hmap.nasl");
script_require_ports("Services/www", 80);
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port)){ exit(0); }
sig = get_kb_item("www/hmap/" + port + "/description");
if ( sig && "IIS" >!< sig ) exit(0);
function sendrequest (request, port)
{
return http_keepalive_send_recv(port:port, data:request);
}
req = http_get(item:"/global.asa", port:port);
reply = sendrequest(request:req, port:port);
if ("RUNAT" >< reply)
{
security_note(port:port);
set_kb_item(name:"iis/global.asa.download", value:TRUE);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jan 2021 00:00Current
5.4Medium risk
Vulners AI Score5.4