Description

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

Remediation

References

CVE-1999-0253

Related Vulnerabilities

WordPress Plugin Buzzwords Cross-Site Scripting (1.1.0)

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

Moodle Improper Control of Generation of Code (Code Injection) (CVE-2019-14827)

MySQL CVE-2013-0386 Vulnerability (CVE-2013-0386)

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts Cross-Site Scripting (2.1.49)

Severity

High

Classification

CVE-1999-0253

Tags

Missing Update Known Vulnerabilities