Microsoft IIS Sample Files Installed

2000-06-12T00:00:00
ID OSVDB:283
Type osvdb
Reporter OSVDB
Modified 2000-06-12T00:00:00

Description

Vulnerability Description

Microsoft Internet Information Server (IIS) contains a flaw that may allow a remote attacker to execute arbitrary commands, view arbitrary files and/or disclose sensitive information. The issue is due to various sample files in the /iissamples directory which are installed and activated by default.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the /IISSamples virtual directory when not needed. As a general rule, do not install sample scripts or sample applications on a production server.

Short Description

Microsoft Internet Information Server (IIS) contains a flaw that may allow a remote attacker to execute arbitrary commands, view arbitrary files and/or disclose sensitive information. The issue is due to various sample files in the /iissamples directory which are installed and activated by default.

References:

Vendor URL: http://www.microsoft.com/ Nessus Plugin ID:10370 Generic Informational URL: http://online.securityfocus.com/infocus/1318 Generic Informational URL: http://www.microsoft.com/technet/archive/security/chklist/iischk.mspx