GEN:SID | 1:1073 |
Message | WEB-MISC webhits.exe access |
Summary | This event is generated when an attempt is made to read web application source code.
|
Impact | Information gathering.
|
Detailed Information | The webhits.exe sample program that comes with Microsoft Index Server in IIS contains a vulnerability that allows the reading of web application source code.
Sometimes web application source code contains highly sensitive information, such as database passwords and information concerning backend setups. This could be a prelude to further attacks.
|
Affected Systems | Microsoft Index Server when deployed in conjunction with Microsoft IIS.
|
Attack Scenarios | Attacker sends a simple URL like the following and then chooses which file they want to view: http://servername/scripts/samples/search/webhits.exe
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Remove the samples directory from the webserver.
Check the host for signs of compromise.
|
Additional References | http://www.win2000mag.com/Articles/Index.cfm?ArticleID=475&pg=2
http://secinf.net/info/www/cgi-bugs.htm
|
Rule References | bugtraq: 950
cve: 2000-0097
|