IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

SolarWinds headquarters

IT Management

SolarWinds Updates Observability Platform for Better Visibility SolarWinds Updates Observability Platform for Better Visibility

byChannel Futures

Oct 3, 2024

1 Min Read

chatbot being used on a smartphone

AI & Machine Learning

Best Practices for Integrating Chatbots Into Your Business Best Practices for Integrating Chatbots Into Your Business

byIndustry Perspectives

Oct 2, 2024

5 Min Read

Recent in OS

See All OS

text says securing sshs access linux tutorial and shows cartoon padlock, laptop, and computer user

Ubuntu

How To Secure SSH Access on Ubuntu Servers (Video Tutorial)How To Secure SSH Access on Ubuntu Servers (Video Tutorial)

byGrant Knoetze

Oct 2, 2024

11 Min View

stacks of blocks in digital environment

Linux OS

Top 10 Stories About Compute Engines, Linux of 2024 So Far Top 10 Stories About Compute Engines, Linux of 2024 So Far

byITPro Today Staff

Jul 17, 2024

3 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

skills checklist

Career Tips

10 Most In-Demand Tech Skills: Microsoft Office Tops List 10 Most In-Demand Tech Skills: Microsoft Office Tops List

byNathan Eddy

Oct 5, 2024

10 Slides

5 job seekers sitting in chairs waiting for an interview

IT Management

How to Be Competitive in a Tight IT Employment Market How to Be Competitive in a Tight IT Employment Market

byJohn Edwards, InformationWeek

Oct 4, 2024

1 Min Read

Career

Recent in Career

See All Career Mgmt

skills checklist

Career Tips

10 Most In-Demand Tech Skills: Microsoft Office Tops List 10 Most In-Demand Tech Skills: Microsoft Office Tops List

byNathan Eddy

Oct 5, 2024

10 Slides

chat symbol icon talking to AI robot

AI & Machine Learning

AI Assistants Are Blabbing Our Embarrassing Work Secrets AI Assistants Are Blabbing Our Embarrassing Work Secrets

byThe Washington Post

Oct 5, 2024

5 Min Read

Storage

Recent in Storage

See All Data Storage

Word cloud in the shape of a robot, thematic of artificial intelligence, with the words "Generative AI" bigger

AI & Machine Learning

The Rise of Generative AI Fuels Focus on Data Quality The Rise of Generative AI Fuels Focus on Data Quality

byIndustry Perspectives

Sep 23, 2024

4 Min Read

a moving cloud shape with the words object storage inside

Data Storage

Maximize Cloud Efficiency: What Is Object Storage?Maximize Cloud Efficiency: What Is Object Storage?

byBrien Posey

Sep 10, 2024

7 Min Read

Security

Recent in Security

See All IT Security

text says securing sshs access linux tutorial and shows cartoon padlock, laptop, and computer user

Ubuntu

How To Secure SSH Access on Ubuntu Servers (Video Tutorial)How To Secure SSH Access on Ubuntu Servers (Video Tutorial)

byGrant Knoetze

Oct 2, 2024

11 Min View

ITPro Today's 2024 IT Priorities Report cover

Career Management

ITPro Today’s 2024 IT Priorities Report ITPro Today’s 2024 IT Priorities Report

byChristopher Tozzi

Sep 25, 2024

1 Min Read

Dev

Recent in Dev

See All Software Dev

human and robot fingers touching a cloud

Cloud Native

Path to Cloud-Native: How AI Is Lowering Barriers for Legacy Application Modernization Path to Cloud-Native: How AI Is Lowering Barriers for Legacy Application Modernization

byIndustry Perspectives

Sep 24, 2024

4 Min Read

power cord unplugged on top of calculator

IT Operations

How IT Leaders Can Assess and Evaluate Risk to Mitigate IT Outages How IT Leaders Can Assess and Evaluate Risk to Mitigate IT Outages

byIndustry Perspectives

Sep 19, 2024

6 Min Read

Recent in DX

See All Digital Transformation

chat symbol icon talking to AI robot

AI & Machine Learning

AI Assistants Are Blabbing Our Embarrassing Work Secrets AI Assistants Are Blabbing Our Embarrassing Work Secrets

byThe Washington Post

Oct 5, 2024

5 Min Read

chatbot being used on a smartphone

AI & Machine Learning

Best Practices for Integrating Chatbots Into Your Business Best Practices for Integrating Chatbots Into Your Business

byIndustry Perspectives

Oct 2, 2024

5 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

stacks of blocks in digital environment

Linux OS

Top 10 Stories About Compute Engines, Linux of 2024 So Far Top 10 Stories About Compute Engines, Linux of 2024 So Far

byITPro Today Staff

Jul 17, 2024

3 Min Read

birds migrating in the clouds

VMWare

How to Leverage Your VMware Migration to Redesign Your Infrastructure Architecture How to Leverage Your VMware Migration to Redesign Your Infrastructure Architecture

byChristopher Tozzi

May 3, 2024

5 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Microsoft 365
Cloud Computing
Cloud Services

Directory Listings can be Obtained From Microsoft IIS Server

Web servers that are running Microsoft IIS Server v5 and Index Server can be forced to expose directory and file listings of sensitive data.

Steve Manzuik

October 3, 2000

1 Min Read

Reported October 4, 2000 by @stake

VERSIONS AFFECTED

DESCRIPTIONMicrosoft Internet Information Server 5.0, with Microsoft Index Server installed has been found to be vulnerable to an exploit that allows unauthorized directory listings to be leaked.

DEMONSTRATION

It is important to note that Microsoft Index Server must be installed in order for this exploit to work. As provided by @stake, the following request could allow a malicious user to obtain directory listings from directories that are not normally available;

SEARCH /HTTP/1.1Host: 127.0.0.1Content-Type: text/xmlContent-Length: 133

Select "DAV:displayname" from scope ()

VENDOR RESPONSE

Microsoft has released a knowledge base article available at; http://www.microsoft.com/technet/support/kb.asp?ID=272079

It is also recommended that if Index Server is required that any sensitive files be stored on directories that are not indexed or have READ permissions removed.

CREDITDiscovered by @stake

About the Author

Steve Manzuik

See more from Steve Manzuik

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

ITPro Today's 2024 IT Priorities Report cover

Career Management

ITPro Today’s 2024 IT Priorities Report ITPro Today’s 2024 IT Priorities Report

byChristopher Tozzi

Sep 25, 2024

1 Min Read

a casually dressed it professionals is awkwardly projected on a video call screen in front of a large professional audience

Career Tips

My Manager Promised a Chill Meeting. I Got Ambushed Instead.My Manager Promised a Chill Meeting. I Got Ambushed Instead.

byDanielle Meinert

Sep 26, 2024

3 Min Read

a gavel at the center of a maze

Regulatory Compliance

Guide To Navigating the Legal Perils After a Cyber Incident Guide To Navigating the Legal Perils After a Cyber Incident

byIan Horowitz

Sep 20, 2024

7 Min Read

Exclusive ITPro Resources

ITPro Today’s 2024 IT Priorities Report
Sep 25, 2024
|
1 Min Read
Tech Careers: Quick Reference Guide to IT Job Titles
Sep 13, 2024
|
1 Min Read
Migrating From VMware: Guide to a Successful Transition
Sep 3, 2024
|
1 Min Read
Developing Immersive HoloLens Apps (Download Your Free Guide)
Aug 26, 2024
|
1 Min Read