Signature Detail
Short Name |
HTTP:IIS:AD-SERVER-CONFIG |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
IIS Ad Server Configuration Disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: IIS Ad Server Configuration Disclosure
This signature detects attempts to download the site.csc configuration file for Microsoft Ad Server. Attackers can access sensitive information.
Extended Description
A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file (SITE.CSC) which contains sensitive information pertaining to an SQL database. The AdSamples directory is a part of the Ad Server component of Site Server which can be installed optionally. If the sample directory is installed and access controls are not applied, any user can read the site's SITE.CSC file. This file can may contain the DSN, username and password to access the Site Server's SQL database.
Affected Products
- Microsoft Site Server 3.0 i386
- Microsoft Site Server Commerce Edition 3.0 alpha
References
- BugTraq: 256
- CVE: CVE-1999-1520