Description
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2001-0333)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1102)
WordPress 5.5.x PHP Object Injection (5.5 - 5.5.4)
WordPress Plugin Business Hours Indicator Cross-Site Scripting (2.3.4)
WordPress Plugin Slider Revolution Responsive Local File Inclusion (4.1.4)