Description
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5831 Vulnerability (CVE-2013-5831)
Apache HTTP Server Numeric Errors Vulnerability (CVE-2011-3607)
Sqlite Use After Free Vulnerability (CVE-2019-5018)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3385)
IBMHttpServer Observable Discrepancy Vulnerability (CVE-2023-32342)