Home » Hacking News » Microsoft IIS 5.1 Frontpage Server Extensions File Source Disclosure Vulnerab
Microsoft IIS 5.1 Frontpage Server Extensions File Source Disclosure Vulnerab
by Nikola Strahija on February 14th, 2002 An issue in IIS has been reported which could allow for a remote attacker to reveal the source of a Frontpage Server Extension file. Allegedly, submitting a request using '../' character sequences followed by the path to a known FPSE file, will cause the host to reveal the source of the requested file.
Microsoft has not confirmed the existence of these vulnerabilities.
* Confliciting details exist. This issue may be the result of a configuration error, although this has not been confirmed
Remote: Yes
Exploit: No exploit code required.
Vulnerable: Microsoft IIS 5.1