ZDNet: IIS, Site Server vulnerable to hackersMay 10, 1999, 10:48 (0 Talkback[s])
(Other stories by Mary Jo Foley)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"A security problem involving Microsoft Corp.'s Internet Information Server (IIS) and Site Server products leaves data and files stored on those products vulnerable to hackers, according to WebTrends Corp., an Internet reporting and management vendor.
Three sample Active Server Pages (ASP) tools which ship as part of IIS and Site Server are the culprits, according to Microsoft and WebTrends. The default configurations of IIS and Site Server install the showcode.asp, viewcode.asp and codebrws.asp pages without proper access-control settings."
"Friday, security experts at the L0pht also issued an advisory on the problem. 'For e-commerce servers this puts transaction logs, credit card numbers and customer information potentially at risk. There is even e-commerce shopping cart software that stores administrative passwords in the clear in text files,' the L0pht advisory said."
0 Talkback[s] (click to add your comment)