Intrusion Prevention

ASP.Data.File.Access

Description

It indicates an attempt to access the source code of an Active Server Pages (ASP) page on a Microsoft Internet Information Service (IIS) server.
There exists a vulnerability in IIS 3.0 and IIS 4.0 that allows the contents of the ASP file to be disclosed when the file name is appended, with "::$DATA", to the URL.

Affected Products

Any unprotected IIS 3.0, 4.0 is vulnerable to the attack.

Impact

Attackers can obtain the source code of ASP files and may learn critical information about the victim system.

Recommended Actions

Upgrade the IIS server to the latest non-vulnerable version or apply patch MS98-003.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	12442
Created	Sep 11, 2006
Updated	Aug 29, 2022
Risk
CVE ID	CVE-1999-0278
Exploit Prediction Score	90.53%
Default Action	drop
Active
Affected OS	Windows
Affected App	IIS

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

ASP.Data.File.Access

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

ASP.Data.File.Access

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center