GEN:SID 1:975
Message WEB-IIS Alternate Data streams ASP file access attempt
Summary This event is generated when an attempt is made to access an Active Server Page (ASP) .asp file to disclose its contents.
Impact Intelligence gathering activity.  A vulnerability exists that discloses the .asp file contents when the file name is appended with "::$DATA".
Detailed Information Microsoft Internet Information Service (IIS) uses Active Server Page to supply HTML and server-side scripting.  ASP files use a .asp extension.  When the file name is appended with "::$DATA", the contents of the file are disclosed instead of executing the .asp file.
Affected Systems Hosts running IIS 3.0, IIS 4.0
Attack Scenarios An attacker can attempt to reference a .asp file appended with "::$DATA" to see the contents of the file.  Sensitive information may by disclosed depending on the selected file.
Ease of Attack Simple.
Corrective Action Upgrade to a more current version of IIS.
Additional References Microsoft
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188806

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0278

Bugtraq
http://www.securityfocus.com/bid/149

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=10362
Rule References bugtraq: 149
cve: 1999-0278
nessus: 10362
url: support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806