Rapid7 Vulnerability & Exploit Database

Microsoft IIS WebDAV Permits ASP Source Retrieval

Back to Search

Microsoft IIS WebDAV Permits ASP Source Retrieval

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
01/18/2005
Created
07/25/2018
Added
01/18/2005
Modified
03/21/2018

Description

The WebDAV component is configured on this server to allow any Windows XP client (and impersonators) to retrieve the source of script files, such as .asp and .aspx through the WebDAV Mini Redirector. Source code disclosure could possibly yield sensitive information such as usernames and passwords.

Solution(s)

  • http-iis-webdav-source-retrieval

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;