漏洞类别:Web server漏洞等级: 
漏洞信息
The Microsoft IIS Web server discloses its absolute path when responding to a request for a non-existent URL that would be interpreted by Perl (perl.exe).
漏洞危害
By exploiting this vulnerability, unauthorized users can exploit the absolute path of the Web server to implement further attacks.
解决方案
As a workaround, set up a customized error message that does not display the absolute path of the requested filename.
In IIS4 and above, you can configure it to check for the existence of a file before it returns an error message. In IIS4: Preferences -> Home directory -> Application select "Check if file exists" for all IISAPI mappings registered Also, remove all unused mappings.
0day
文章评论