0

I am dealing with a security report from an external contractor, in which there is a finding labeled as a medium risk.

It is titled IIS .cnf file leakage.

This is somewhat confusing to me, since the external partner found it on Port 500 UPD. He recommends deleting them if I do not need them, otherwise secure them from anonymous access through the web.

I searched the server for _vti_pvt folders and found one in every SPWebApplication on my IIS.

You can find them on your %SPPath%/VirtualDirectories/[Portnumber]/. For example

C:\inetpub\wwwroot\wss\80\_vti_pvt\*.cnf

I then fired a simple http get request to the public facing domain www.somesharpointportaladdress.com/_vti_pvt/services.cnf and really got a 200 OK response. I can view the file contents in the browser.

My question here is: Is it safe to delete those files? (are they crucial?) If not, what is the best way to secure them from anonymous access?

Improve this question

1 Answer 1

Reset to default
0

First: Do not delete anything from the filesystem of a SharePoint-Installation

Second: If the Folder is there, there will be a reason for it. Since the port is 500 UDP, I guess it will not be accessable from the web. Usually from the web only the ports 80 or 443 (both TCP) are accessable to webservers (depends on your Firewall Settings).

Improve this answer
3
  • Read my second but last paragraph: this folder and its contents are accessible from the web. Commented Jun 22, 2015 at 8:08
  • If you Access it by web, it is not port 500. However, UDP 500 is a well-known-port, usually reserved for ISAKMP. You will enter unsupported regions if you do anything in the filesystem or the webservice itself. In my opinion you will have to trust the standard-product SharePoint here that everything is ok. Or request Support from MS itself, as you won´t be able to guarantee working of your farm for now and in future. Commented Jun 22, 2015 at 8:15
  • I havent claimed port 500 is by web. The contractor noted it on his report. The comment to open a call with MSFT however might be the way to go here. Commented Jun 22, 2015 at 8:17

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.