asp source code exposure

[jlehman () mail esignal com]

This was flagged as a high vulneribility form a 3rd party sourced perimeter scan. the exploit is 
http://server/file.asp:$DATA. The problem I am having is that onlyIIS 4 and earlier are supose to be vulnerable, I am 
running IIS 5. The web server is  up to date on Microsoft patches.  From an external internetconnection, a windows 
system using IE get an error 404, no vuln here. From windows with firefox, an attempt to save the source code is 
attempted, but fails to save. From Linux using firefox, I get the asp source code save to that system. I've been 
searching for a fix, but hava had no luck. help please



Jim