Article ID: 118040, created on Oct 18, 2013, last review on May 10, 2014

  • Applies to:
  • Operations Automation 5.4

Symptoms

A customer has uploaded an ASP script that uses FileSystemObject(FSO) component, which can access the webserver's filesystem, and can cause security violation.

Cause

The security breach is possible if the domain user group IISAnonusers has access to the following folders and files:

  • C:\
  • C:\Windows
  • C:\Windows\Microsoft.NET
  • C:\Windows\System32\drivers\etc
  • C:\Windows\System32\inetsrv\Config
  • C:\Windows\SysWOW64\inetsrv\Config

Resolution

  1. Configure permissions as in KB article #114277

  2. A request for the above permissions to be assigned automatically was submitted with ID POA-71320

Search Words

ASP

FileSystemObject component

FSO

Classic ASP

FileSystemObject

ac82ce33439a9c1feec4ff4f2f638899 caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF