English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 134041 CVE descriptions
and 69903 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:10577
Category:Web Servers
Title:Check for bdir.htr files
Summary:The file bdir.htr is a default IIS files which can give;a malicious user a lot of unnecessary information about ;your file system. Specifically, the bdir.htr script allows;the user to browse and create files on hard drive. As this;includes critical system files, it is highly possible that;the attacker will be able to use this script to escalate;privileges and gain 'Administrator' access.;;Example,;http://target/scripts/iisadmin/bdir.htr??c:
Description:Summary:
The file bdir.htr is a default IIS files which can give
a malicious user a lot of unnecessary information about
your file system. Specifically, the bdir.htr script allows
the user to browse and create files on hard drive. As this
includes critical system files, it is highly possible that
the attacker will be able to use this script to escalate
privileges and gain 'Administrator' access.

Example,
http://target/scripts/iisadmin/bdir.htr??c:

Solution:
If you do not need these files, then delete them,
otherwise use suitable access control lists to ensure that
the files are not world-readable.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 2280
CopyrightCopyright (C) 2003 John Lampe....j_lampe@bellsouth.net

This is only one of 69903 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2018 E-Soft Inc. All rights reserved.