Description
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
Atlassian Confluence CVE-2023-22503 Vulnerability (CVE-2023-22503)
MySQL CVE-2014-4214 Vulnerability (CVE-2014-4214)
SharePoint CVE-2020-1501 Vulnerability (CVE-2020-1501)
Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 3.8.7)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16397)