Description
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1455)
PHP Improper Access Control Vulnerability (CVE-2015-8838)
Oracle HTTP Server Use After Free Vulnerability (CVE-2019-10082)
PHP Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2010-4657)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5885)