Results 1 to 3 of 3

Thread: Vulnerability:Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Vulnerability:Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information

    Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerabil

    An issue has been reported that a number of configuration files (.cnf) in Microsoft IIS 5.1, could be used to disclose sensitive system information to remote users.


    Allegedly, submitting a request for one of the vulnerable files by way of '/_vti_pvt/', will cause the host to reveal system path information. The reported problematic files are 'access.cnf', 'botinfs.cnf', 'bots.cnf' and 'linkinfo.cnf'.

    Microsoft has not confirmed the existence of these vulnerabilities.

    Remote: Yes

    Exploit: No exploit code is required.

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    108
    another M$ vulnerability.... y am i not surprise?

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    882

    Thumbs up

    Glad you posted this one s0nIc. I have a client that has been having problems with IIS dumping the FP extentions at times due to buffer overflows. At least thats what the error logs show. I think this may be the culprit. I'll have to probe into this further. Thanks again....
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •