Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Thursday, June 20, 2019 11:12 AM
Hi,
During security scan, security identified the vulnerabilities below. Can you please help me how to disable or restrict /_vti_inf.html
tp not to exploit the url?
The request URL(s) that were identified as being vulnerable are:
https://.../_vti_inf.html
The vulnerabilities associated with this ticket are:
The server utilizes FrontPage Server Extensions which have capabilities to remotely manage and publish web sites.
Knowledge is power.
Thursday, June 20, 2019 3:42 PM
Bad security scanning software. It is simply detecting the page and outputting the results. It's wrong.
Trevor Seward
Office Servers and Services MVP
Author, Deploying SharePoint 2016
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Friday, June 21, 2019 6:55 AM
Thanks Trevor. I just discussed with the security team regarding the same but they still want to remove/hide the page to not to expose to users. Please suggest.
Knowledge is power.
Friday, June 21, 2019 3:24 PM
Thanks Trevor. I just discussed with the security team regarding the same but they still want to remove/hide the page to not to expose to users. Please suggest.
Knowledge is power.
That's not supported; _vti_bin is used for both normal end user and by internal code. I would suggest opening a case with Microsoft so you can get an official word.
Trevor Seward
Office Servers and Services MVP
Author, Deploying SharePoint 2016
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Monday, June 24, 2019 6:53 AM
Hi Manoj,
If Trevor's reply helps you, please remember to mark it as an answer, it will be beneficial to others in the community who meet this similar issue in the future.
Thanks for your understanding.
Best Regards,
Lisa Chen
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
SharePoint Server 2019 has been released, you can click
here to download it.
Click
here to learn new features. Visit the dedicated
forum to share, explore and talk to experts about SharePoint Server 2019.