WEB-IIS view source via translate header
Microsoft Internet Information Services (IIS) 5.0 contains scripting engines to support various advanced file types such as .ASP and .HTR files. This permits the execution of server-side processing. IIS determines which scripting engine is appropriate to use depending on the file extension. If an attacker crafts a URL request ending in 'Translate: f' followed by a slash '/', IIS fails to send the file to the appropriate scripting engine for processing. Instead, it returns the source code of the referenced file to the browser.
Microsoft IIS 5.0
Intelligence gathering. This attack may permit disclosure of the source code of files not normally available for viewing.
Some Microsoft applications make use of the 'Translate: f' header and may cause this rule to generate an event. These include applications that use WebDAV for publishing content on a webserver such as Microsoft Outlook Web Access (OWA).
An attacker can craft a URL that includes 'Translate: f' followed by a '/' to disclose source code on the vulnerable server.
Apply the appropriate vendor-supplied patch.
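The following triage sketch is an added example, not part of the original rule documentation or of any Snort code. It separates the request pattern described above from the WebDAV publishing traffic noted as a source of false positives. The method list, the result labels and the sample requests are assumptions constructed for illustration.

```python
# Added example: triage of HTTP requests that carry "Translate: f".
SCRIPT_EXTS = (".asp", ".htr")  # script extensions named on this page
# Assumption: methods typical of WebDAV authoring clients such as OWA.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "PUT", "DELETE", "OPTIONS"}

def parse_request(raw: bytes):
    """Return (method, target, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers

def triage(raw: bytes) -> str:
    """Classify a request as ignore / alert / likely-webdav / review."""
    method, target, headers = parse_request(raw)
    if headers.get("translate", "").lower() != "f":
        return "ignore"
    path = target.split("?", 1)[0].lower()
    is_script = path.rstrip("/").endswith(SCRIPT_EXTS)
    if method == "GET" and is_script and path.endswith("/"):
        return "alert"          # the pattern this rule describes
    if method in WEBDAV_METHODS:
        return "likely-webdav"  # publishing traffic, expected false positive
    return "review"             # Translate: f in an unexpected context

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "source_request": b"GET /default.asp/ HTTP/1.1\r\nHost: www.example.com\r\ntranslate: F\r\n\r\n",
    "owa_propfind": b"PROPFIND /exchange/user/Inbox/ HTTP/1.1\r\nHost: mail.example.com\r\nTranslate: f\r\nDepth: 1\r\n\r\n",
    "dav_get": b"GET /docs/report.asp HTTP/1.1\r\nHost: www.example.com\r\nTranslate: f\r\n\r\n",
    "plain_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} {triage(raw)}")
```

Requests labelled `review` still need an analyst's judgement, since a WebDAV client can legitimately fetch a script's source with GET and 'Translate: f'.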