Description
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
Remediation
References
Related Vulnerabilities
Moodle Configuration Vulnerability (CVE-2012-3392)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-7671)
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)
Artifactory CVE-2023-42508 Vulnerability (CVE-2023-42508)
ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4322)