Microsoft FrontPage Server Extensions Configuration Disclosure Scanner
This scanner detects the use of Microsoft FrontPage Server Extensions Configuration Disclosure in digital assets. Configuration files are accessible, exposing version details, directory paths, and other configurations due to a common misconfiguration on old IIS servers with FrontPage Server Extensions installed.
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
2 weeks 7 hours
Scan only one
URL
Toolbox
-
Microsoft FrontPage Server Extensions are used to support, modify, and publish web pages created with Microsoft FrontPage and SharePoint Designer. These extensions were frequently installed on older Microsoft Internet Information Services (IIS) servers. The extensions enable the web server to host sites that utilize Microsoft's web technologies, especially those created using FrontPage. They are typically deployed by web developers and site administrators working within intranet environments or older internet-based websites. Despite their aged nature, some legacy systems may still employ these extensions, often due to the need to maintain older web architectures.
Configuration Disclosure vulnerabilities occur when sensitive configuration files are inadvertently exposed to unauthorized users. In the case of Microsoft FrontPage Server Extensions, these vulnerabilities allow access to configuration files such as service.cnf or access.cnf. Exposing these files may reveal internal configurations like directory paths, version numbers, and other potentially sensitive details. Such exposures commonly arise from misconfigurations or outdated security practices concerning legacy software.
Technical details of the vulnerability include exposed endpoints like /_vti_inf.html and /_vti_pvt/service.cnf, accessible to attackers. These files typically contain metadata such as vti_extenderversion and FPVersion, which can be used to understand the version of FrontPage extensions installed. Vulnerable parameters include those revealing directory paths or databases, which may assist attackers in crafting more targeted attacks. Such information disclosure can be crucial in the hands of a hacker seeking further access.
Exploiting this vulnerability can lead to unauthorized access and information leakage. Attackers may gather detailed configuration data about the target system, potentially leading to further exploits or data breaches. The disclosed paths and version information can assist malicious actors in launching attacks tailored to the detected software version. It may also allow adversaries to identify further vulnerabilities inherent in the software setup. Ultimately, this can result in compromised systems and exposure to additional security threats.
REFERENCES
