Description

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Remediation

References

CVE-2000-0024

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3058)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9061)

WordPress Plugin Redux Framework Multiple Cross-Site Scripting Vulnerabilities (3.6.0.2)

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1340)

OpenSSL Other Vulnerability (CVE-2014-5139)

Severity

Medium

Classification

CVE-2000-0024

Tags

Missing Update Known Vulnerabilities