Microsoft IIS contains a flaw that allows a remote attacker to view the source of .asp files. The issue is due to IIS mapping all .htw files to be handled by Webhits.dll. By appending a space (%20) to the end of a filename or calling CiWebHitsFile as a variable, setting the "CiHiliteType" variable to "Full", and setting the "CiRestriction" variable to "None", the server will return the source of an .asp file.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Bugtraq ID: 1084 2269
• Exploit Database: 19830
• CVE ID: 2000-0302 (see also: NVD)
• ISS X-Force ID: 4227
• Keyword: CISADV000330
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0004.html
• Other Advisory URL: http://www.atstake.com/research/advisories/2000/adviissp.html
• CIAC Advisory: k-068
• Microsoft Security Bulletin: MS00-006

Unknown or Incomplete