GEN:SID 1:958
Message WEB-FRONTPAGE service.cnf access
Summary This event is generated when an attempt is made to access a file with
sensitive information on a webserver with Microsoft Frontpage extensions
enabled.
Impact If successful, the attacker can read sensitive data about the Frontpage web.
Detailed Information On systems running Microsoft Frontpage Extensions on IIS or Apache web
servers the file _vti_pvt/service.cnf exists which may contain sensitive
information about the web server. This file is meant to be only used
internally by FPSE and never directly by the user.
Affected Systems Systems using Microsoft FrontPage Server Extensions 98
Attack Scenarios An attacker can request the file from its standard location, entering the exact URL.
Ease of Attack Simple. No exploit software required.
Corrective Action Disable direct access to the file /_vti_pvt/service.cnf.
Additional References Microsoft:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q188/2/57.ASP&NoWebContent=1&NoWebContent=1





Rule References bugtraq: 4078
nessus: 10575