Rule Document 1:990

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER Microsoft Frontpage _vti_inf.html access

Rule Explanation

This event is generated when an attempt is made to access a file with '_vti_inf' in the name. Impact: Information gathering. This attack can leak the version number and scripting paths of Microsoft FrontPage. Details: Microsoft FrontPage provides software for web designers to generate and administer web pages. The file '_vti_inf.html' contains FrontPage configuration information of version number and scripting paths that is normally used by a FrontPage client to communicate with the server. An attacker can craft a URL to access this file to disclose the version number and scripting paths. Ease of Attack: Simple.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Original rule writer unknown Modified by Brian Caswell Cisco Talos Judy Novak

Rule Groups

No rule groups

CVE

CVE-2002-1717

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2002-1717
 Loading description