Summary
Microsoft IIS is prone to an authentication-bypass vulnerability and a source-code disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to gain unauthorized access to password-protected resources and view the source code of files in the context of the server process
this may aid in
further attacks.
Microsoft IIS 6.0 and 7.5 are vulnerable
other versions may also
be affected.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
- HServer Webserver Multiple Directory Traversal Vulnerabilities
- CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
- Herberlin Bremsserver Directory Traversal Vulnerability