Code: p1196 Severity: Warning
Description: This event is generated when an attempt is made to access /iisprotect/admin on a host running Microsoft Internet Information Server (IIS). Impact: An attacker may be able to perform administrative tasks on the server without authorization and may be able to manipulate the database that IISProtect by injecting and executing SQL statements. Corrective: Upgrade to the latest non-affected version of the software. Check the host for signs of compromise. Disallow access to the IISProtect administration site from sources external to the protected network.
|
