HTTP: IIS Ad Server Configuration Disclosure
This signature detects attempts to download the site.csc configuration file for Microsoft Ad Server. Attackers can access sensitive information.
Extended Description
A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file (SITE.CSC) which contains sensitive information pertaining to an SQL database. The AdSamples directory is a part of the Ad Server component of Site Server which can be installed optionally. If the sample directory is installed and access controls are not applied, any user can read the site's SITE.CSC file. This file can may contain the DSN, username and password to access the Site Server's SQL database.
Affected Products
Microsoft site_server
Short Name
HTTP:IIS:AD-SERVER-CONFIG
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Ad CVE-1999-1520 Configuration Disclosure IIS Server bid:256
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0