Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Check for IIS .cnf file leakage
Information
Severity
Severity
Medium
Family
Family
Web Servers
CVSSv2 Base
CVSSv2 Base
5.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution Type
Solution Type
Mitigation
Created
Created
18 years ago
Modified
Modified
5 years ago
Summary
The IIS web server may allow remote users to read sensitive information from .cnf files. This is not the default configuration. Example, http://example.com/_vti_pvt%5csvcacl.cnf, access.cnf, svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf, bots.cnf, linkinfo.cnf and services.cnf
Solution
Solution
If you do not need .cnf files, then delete them, otherwise use suitable access control lists to ensure that the .cnf files are not world-readable by Anonymous users.