The vulnerability is classified as a critical information disclosure issue (CWE-200) . Its CVSS v2 score is a 5.0 (Medium severity), but it carries a critical . This means that while the potential damage is limited to a compromise of confidentiality (C:P), the attack is very easy to execute. It can be launched remotely over a network (AV:N), requires no authentication (AU:N), and has low complexity (AC:L) . As detailed by security databases, "the exploitability is told to be easy... No form of authentication is needed for exploitation."
If you are still maintaining a legacy ASP application, you should immediately perform the following checks: db main mdb asp nuke passwords r
Whether you need to from an old file or secure an active site . The vulnerability is classified as a critical information
Web servers must be configured to deny access to specific file types. In IIS, for example, Request Filtering should be used to block requests for database extensions ( .mdb , .sqlite , .bak ). It can be launched remotely over a network