Test ID:	1.3.6.1.4.1.25623.1.0.10575
Category:	Web Servers
Title:	Microsoft IIS '.cnf' File Leakage Vulnerability - Active Check
Summary:	The IIS web server may allow remote users to read sensitive information; from .cnf files. This is not the default configuration.;; Example, http://example.com/_vti_pvt%5csvcacl.cnf, access.cnf,; svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf,; bots.cnf, linkinfo.cnf and services.cnf
Description:	Summary: The IIS web server may allow remote users to read sensitive information from .cnf files. This is not the default configuration. Example, http://example.com/_vti_pvt%5csvcacl.cnf, access.cnf, svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf, bots.cnf, linkinfo.cnf and services.cnf Solution: If you do not need .cnf files, then delete them, otherwise use suitable access control lists to ensure that the .cnf files are not world-readable by Anonymous users. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1717 BugTraq ID: 4078 http://www.securityfocus.com/bid/4078 Bugtraq: 20020210 This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP (Google Search) http://online.securityfocus.com/archive/1/255555 Bugtraq: 20020212 Re: This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP (Google Search) http://online.securityfocus.com/archive/1/256125 XForce ISS Database: iis-cnf-reveal-information(8174) https://exchange.xforce.ibmcloud.com/vulnerabilities/8174
Copyright	Copyright (C) 2003 John Lampe

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.