| GEN:SID | 1:948 |
| Message | WEB-FRONTPAGE form_results access |
| Summary | This event is generated when an attempt is made to access a file containing Microsoft FrontPage form results.
|
| Impact | If successful, the attacker can read sensitive data that users have posted via forms within the FrontPage web.
|
| Detailed Information | On systems running Microsoft FrontPage Extensions on IIS or Apache web servers, users can insert forms into web pages and have the submitted data saved to a text file (/_private/form_results.txt), which can later be read or emailed to the user. If the file can be requested directly over HTTP, an attacker may read the sensitive data posted from the form.
|
| Affected Systems | All systems running FPSE.
|
| Attack Scenarios | An attacker can request the file from its standard location, entering the exact URL.
|
| Ease of Attack | Simple. No exploit software required.
|
| Corrective Action | Disable direct access to the file /_private/form_results.txt.
Restrict access to the file using password protection.
|
| Additional References | |
| Rule References | cve: 1999-1052
|
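To check whether the corrective action is actually in effect, the following added example (not part of the original rule documentation) triages web server access logs for requests to the form results file and classifies each by response status. It assumes Apache combined log format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

TARGET = "/_private/form_results.txt"  # path named in the rule documentation

# Assumed input: Apache combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Reduce a request URI to a canonical lower-case path for comparison."""
    path = uri.split("?", 1)[0]              # drop the query string
    path = unquote(path).replace("\\", "/")  # decode %xx, unify separators
    path = re.sub(r"/+", "/", path)          # collapse repeated slashes
    return posixpath.normpath(path).lower()  # resolve ./ and ../, fold case

def triage(lines):
    """Return (ip, timestamp, status, verdict) for each hit on TARGET."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["uri"]) != TARGET:
            continue
        status = int(m["status"])
        if status in (200, 206):
            verdict = "EXPOSED"   # file content was served: access is not restricted
        elif status in (401, 403):
            verdict = "blocked"   # password protection or deny rule is working
        else:
            verdict = "review"    # e.g. 404: probe against a host without the file
        findings.append((m["ip"], m["ts"], status, verdict))
    return findings

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /_private/form_results.txt HTTP/1.0" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:05:12 +0000] "GET /%5Fprivate/FORM_RESULTS.TXT HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:10:06:30 +0000] "GET /index.htm HTTP/1.1" 200 1043 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:07:01 +0000] "GET /docs/../_private/form_results.txt?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status, verdict in triage(SAMPLE):
        print(f"{ts} {ip} status={status} {verdict}")
```

Any `EXPOSED` result means the file was served to the requester and the form data it held at that time should be treated as disclosed.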