ASP.Data.File.Access
Description
It indicates an attempt to access the source code of an Active Server Pages (ASP) page on a Microsoft Internet Information Service (IIS) server.
There exists a vulnerability in IIS 3.0 and IIS 4.0 that allows the contents of the ASP file to be disclosed when the file name is appended, with "::$DATA", to the URL.
Affected Products
Any unprotected IIS 3.0, 4.0 is vulnerable to the attack.
Impact
Attackers can obtain the source code of ASP files and may learn critical information about the victim system.
Recommended Actions
Upgrade the IIS server to the latest non-vulnerable version or apply patch MS98-003.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |