Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:958 |
Message | WEB-FRONTPAGE service.cnf access |
Summary | This event is generated when an attempt is made to access a file with sensitive information on a webserver with Microsoft Frontpage extensions enabled. |
Impact | If successful, the attacker can read sensitive data about the Frontpage web. |
Detailed Information | On systems running Microsoft Frontpage Extensions on IIS or Apache web servers the file _vti_pvt/service.cnf exists which may contain sensitive information about the web server. This file is meant to be only used internally by FPSE and never directly by the user. |
Affected Systems | Systems using Microsoft FrontPage Server Extensions 98 |
Attack Scenarios | An attacker can request the file from its standard location, entering the exact URL. |
Ease of Attack | Simple. No exploit software required. |
Corrective Action | Disable direct access to the file /_vti_pvt/service.cnf. |
Additional References | Microsoft: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q188/2/57.ASP&NoWebContent=1&NoWebContent=1 |
Rule References | bugtraq: 4078 nessus: 10575 |
--
DID:197780
--
http://www.aanval.com/