Description
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.5.x Session Hijacking (1.5.0 - 1.5.8)
WordPress Plugin Homepage SlideShow 'upload.php' Arbitrary File Upload (2.0)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2355)
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-32730)
WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (6.0.26)