Code: p101 Severity: Notice
Description: Microsoft SiteServer 3.0 ships with an optional AdSamples directory that demonstrates the use of the Ad Server component of Site Server. If this directory is left open, it could be possible for remote attackers to retrieve a "SITE.CSC" file, which may contain database DSN's, logins, and passwords. Impact: Microsoft SiteServer Corrective: Scan the web server with System Security Scanner to see if there are indications of unauthorized access. Check the access logs for indications of unauthorized access. If you do detect indications of unauthorized access, you should consider the system compromised and take appropriate action. Remove the AdSamples directory from all production Web servers.
|
