Description
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection (7.1.4)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)
SharePoint CVE-2022-44690 Vulnerability (CVE-2022-44690)
Oracle Database Server CVE-2007-2116 Vulnerability (CVE-2007-2116)
Oracle Application Server Other Vulnerability (CVE-2005-3453)