IIS .bat and .cmd Bug contents.gifindex.gif

IIS .bat and .cmd Bug

The scan engine was able to exploit the .bat and .cmd bug in the Microsoft Internet Information Server. These bugs allow a potential intruder to execute commands on the WWW host.

Risk: High

Fix: Disable .BAT and .CMD file extensions for external CGI scripts in the mapping feature of the IIS WWW server.