Rapid7 Vulnerability & Exploit Database

IIS 7.0 Detailed Error Message Information Leak

Back to Search

IIS 7.0 Detailed Error Message Information Leak

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
05/09/2008
Created
07/25/2018
Added
05/09/2008
Modified
12/04/2013

Description

A detailed IIS 7.0 error message was discovered. Detailed error messages can include diagnostics, path and OS information, software versions, and other sensitive information of use to attackers. IIS 7.0 by default only shows detailed error messages to clients coming from the local server IP address, but developers often enabled remote detailed error messages when making and testing code changes.

Solution(s)

  • fix-spider-iis7-detailed-errmsgs-enabled

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;