Microsoft IIS is prone to an authentication-bypass vulnerability and a source-code disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to gain unauthorized access to password-protected resources and view the source code of files in the context of the server process this may aid in further attacks. Microsoft IIS 6.0 and 7.5 are vulnerable other versions may also be affected.
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability