Rapid7 Vulnerability & Exploit Database

ASP Temporary File Source Code Disclosure Vulnerability

Back to Search

ASP Temporary File Source Code Disclosure Vulnerability

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
11/01/2004
Created
07/25/2018
Added
11/01/2004
Modified
07/31/2012

Description

Various text editors automatically save backups of each file the user chooses to open with file names such as: file.ext~, #file.ext#, file.ext.bak, file.ext.tmp, file.ext.old, file.bak file.tmp and file.old. If the user edits a ASP file in the web root, the backup that is created may not be parsed by the ASP interpreter upon request, but will instead be returned to the remote attacker unmodified. Thus, the script's source code is disclosed.

Solution(s)

  • remove-backup-web-files

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;