Description
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-29701)
Ruby Improper Authentication Vulnerability (CVE-2007-5770)
CakePHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4399)
Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-33707)