Description
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5810 Vulnerability (CVE-2013-5810)
Oracle JRE CVE-2012-4681 Vulnerability (CVE-2012-4681)
WordPress Plugin WHIZZ Cross-Site Scripting (1.0.7)
PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1169)
WordPress Plugin WP-Matomo (WP-Piwik) Cross-Site Scripting (1.0.4)