Description
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1240)
WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (5.8.0)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5625)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0018)
Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2827)