Description
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Remediation
References
Related Vulnerabilities
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053)
WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (3.9.2)
WordPress Plugin user files Arbitrary File Upload (2.4.2)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25608)