漏洞类别:Web server漏洞等级: 
漏洞信息
The Microsoft IIS Web server discloses its absolute path when responding to a request for a non-existent ida or idq file.
漏洞危害
By exploiting this vulnerability, unauthorized users can exploit the absolute path of the Web server to implement further attacks.
解决方案
As a workaround, set up a customized error message that does not display the absolute path of the requested filename.
Serve these files from a location other than a network share.
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1000750: MS06-053 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting (.ida .idq)
0day
文章评论