漏洞类别:Web server漏洞等级: 
漏洞信息
If this is reported as a vulnerability, the "iissamples" directory is found present on your Microsoft IIS Web server.
If this is reported as a potential vulnerability, the "iissamples" directory is probably present, based on the HTTP error code.
This directory usually contains several IIS sample scripts, some of which are known to be vulnerable to various attacks.
Note: Even if unauthorized access to this directory is already denied, this vulnerability may still be reported because such access restriction does not necessarily change the HTTP error code (e.g., 403).
漏洞危害
If unauthorized access to this directory is not denied, malicious users can exploit vulnerable scripts in the "iissamples" directory to launch attacks against your Web server.
解决方案
The "iissamples" directory is usually not needed. It is recommended that you remove it or change the permissions to make it inaccessible to unauthorized users.
If you are sure you don't use this folder you can lock it with urlscan tool by adding in the [DenyUrlSequences] section :
/iissamples/ ;
It will forbid the access to iissamples directory.
More information about urlscan can be find at : Url scan documentation.
0day
文章评论