Description

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Remediation

References

CVE-2001-0004

Related Vulnerabilities

Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-2922)

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5499)

Wordpress Plugin Backup Migration Files or Directories Accessible to External Parties Vulnerability (CVE-2023-6266)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

Severity

Medium

Classification

CVE-2001-0004

Tags

Missing Update Known Vulnerabilities