User-2072931759 posted
Greetings everyone,
I have a question about security scanners and cve-1999-0450. The accepted fix on the internet seems to be the following:
IISAPI mappings Edit -> Request Restrictions. - Check Invoke Handler only if request is mapped to FILE.
I have done this for all ISAPI modules but running the security scanner still shows this vulnerability. Does anyone have an idea what I am missing? It doesnt pass the path for HTTP requests but still seems to pass them for HTTPS requests
if I use the same URL with HTTPS.
Running HTTPS serviceProduct IIS exists -- Microsoft IIS 7.5HTTP GET request
to https://xx.xx.xxx.xx/scripts/non-existant-script-name.idq
70: </div>
71: <div id="details-right">
72: <table border="0" cellpadding="0" cellspacing="0">
73: <tr class="alt"><th>Requested URL</th><td>https://xx.xx.xxx.xx:...
74: ... Path</th><td>C:\inetpub\wwwroot\scripts\non-existant-script-name
Any help is much appreciated