Snort-alerts/WEB-IIS-view-source-via-translate-header

From aldeid

WEB-IIS view source via translate header

Trigger

Microsoft Internet Information Services (IIS) 5.0 contains scripting engines to support various advanced file types such as .ASP and .HTR files. This permits the execution of server-side processing. IIS determines which scripting engine is appropriate to use depending on the file extension. If an attacker sends a request that carries the header 'Translate: f' and whose URL ends in a slash '/', IIS fails to send the file to the appropriate scripting engine for processing. Instead, it returns the source code of the referenced file to the browser.

Affected systems

Microsoft IIS 5.0

Impact

Intelligence gathering. This attack may permit disclosure of the source code of files not normally available for viewing.

False positives

Some Microsoft applications make use of the 'Translate: f' header and may cause this rule to generate an event. These include applications that use WebDAV for publishing content on a web server, such as Microsoft Outlook Web Access (OWA).

Scenario

An attacker can craft a request that includes the 'Translate: f' header and a URL followed by a '/' to disclose source code on the vulnerable server.

Example

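The detection logic this alert describes, as an added example (it is not code from aldeid, nor the Snort rule itself): a small Python classifier that parses a raw HTTP request, checks for the 'Translate: f' header and the trailing '/', and separates likely WebDAV publishing traffic (the false-positive case above) from a request for a script file. The extensions beyond .asp and .htr, the set of WebDAV methods and the sample requests are assumptions constructed for illustration.

```python
"""Classify HTTP requests against the IIS 'Translate: f' source-disclosure pattern.

Added example for the WEB-IIS alert described on this page; not part of aldeid
or of Snort. All sample requests below are constructed, not captured traffic.
"""
from typing import Dict, Tuple

# Extensions IIS 5.0 routes to a server-side scripting engine. The page names
# .ASP and .HTR; the other two are assumed for illustration.
SCRIPT_EXTENSIONS = (".asp", ".htr", ".asa", ".inc")

# WebDAV methods used by publishing clients such as Outlook Web Access, the
# false-positive source named on the page (assumed set).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "LOCK", "UNLOCK", "COPY", "MOVE"}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into (method, target, headers).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that carry no colon
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def classify(raw: bytes) -> str:
    """Return 'alert', 'possible-webdav' or 'clean' for one request.

    'alert'           : Translate: f plus a script-file URL ending in '/',
                        the pattern the page describes for source disclosure.
    'possible-webdav' : Translate: f is present but the request looks like a
                        WebDAV publishing client (see 'False positives');
                        worth logging, not an automatic alert.
    'clean'           : no Translate: f header, or no trailing slash.
    """
    method, target, headers = parse_request(raw)
    if headers.get("translate", "").lower() != "f":
        return "clean"
    path = target.split("?", 1)[0]           # drop any query string
    if not path.endswith("/"):
        return "clean"                       # the trailing slash is the trigger
    if method.upper() in WEBDAV_METHODS:
        return "possible-webdav"
    if path.rstrip("/").lower().endswith(SCRIPT_EXTENSIONS):
        return "alert"
    return "possible-webdav"                 # Translate: f on a plain folder/resource


# Constructed sample traffic (hostnames use the reserved .invalid TLD).
SAMPLES = {
    "disclosure": b"GET /login.asp/ HTTP/1.0\r\nHost: www.example.invalid\r\nTranslate: f\r\n\r\n",
    "owa_webdav": b"PROPFIND /exchange/user/ HTTP/1.1\r\nHost: owa.example.invalid\r\nTranslate: f\r\nDepth: 1\r\n\r\n",
    "normal":     b"GET /login.asp HTTP/1.1\r\nHost: www.example.invalid\r\n\r\n",
}


def scan(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, str]:
    """Classify every sample and return {name: verdict}."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:12s} -> {verdict}")
```

The second-stage triage is deliberately coarse: a signature that only matches the header and the slash fires on OWA and other WebDAV clients exactly as the page warns, so the extra check on method and file extension is the kind of context a SOC would add before escalating the event.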

Corrective actions

Apply the appropriate vendor-supplied patch.