Get a quote

Vulnerability Fixation
Frontpage Extensions Enabled

Book a Free Consultation

Frontpage Extensions Enabled

Vulnerability

Why use FrontPage extensions?

Microsoft FrontPage simplifies web authoring, managing, and serving tasks. The extensions work through CGI (Common Gateway Interface), ISAPI (Internet Server Application Program Interface), and HTTP.

They allow the Microsoft FrontPage client to transfer and manage files directly without FTP.

They also enable FrontPage-specific features to website visitors' browsers with no additional coding required by the developer.

What are FrontPage server extension vulnerabilities?
  • Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll can allow remote attackers to execute
    arbitrary code or create new accounts.
  • SmartHTML interpreter (shtml.dll) vulnerability can cause denial of service due to specific requests.
  • Buffer overflow in shtml.dll may allow DoS attacks or remote code execution.
Solution:

Disable FrontPage Extensions:

  • Access the Hosting Control Panel
  • Click on the Site Center button
  • Click on FrontPage Extensions
  • Click on the Disable button
  • Confirm that FrontPage extensions are disabled

Other preventive actions:

  • Secure user accounts
  • Set proper permissions
  • Keep software updated with the latest patches and hotfixes
  • Use SSL (Secure Sockets Layer) for authoring
  • Enable logging
  • Set IP restrictions on FrontPage extensions directories
  • Move FrontPage Server Extensions binaries to a more secure location (not on system partition)

Also Read :

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More

Content Sniffing

How To Enable Content Sniffing?

Certain browsers, try to determine the content type and encoding of the response even when these properties are defined correctly...

Read More