Description
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)
OpenSSL Resource Management Errors Vulnerability (CVE-2011-4109)
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3)
WordPress Plugin Travelpayouts:All Travel Brands in One Place Cross-Site Request Forgery (1.0.16)