Description
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
SharePoint Resource Management Errors Vulnerability (CVE-2015-0086)
WordPress Plugin Sponsors Carousel Cross-Site Scripting (4.02)
WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)
phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)
WordPress Plugin MPL-Publisher-Create your Ebook & Audiobook Cross-Site Scripting (1.29.1)