There is a security hole in all versions of the Microsoft Internet Information Server. It allows a web browser to view the source code of your cgi and asp scripts. This can be very dangerous, because passwords and other sensitive data are often stored inside of these scripts, where browsers are not supposed to be able to go. You can fix the problem by making sure that all of your script files do not allow "read" access. For most scripts, simply enabling "execute" permissions will work. There is also a hot-fix available for IIS 3.0 and 4.0. You can find the hot-fix and other information about this serious security issue here.