WEB APPLICATION VULNERABILITIES Standard & Premium

Internet Information Services Other Vulnerability (CVE-2001-0004)

Description

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Remediation

References

Related Vulnerabilities

WordPress Plugin ImportWP-Import any XML or CSV File into WordPress Security Bypass (1.1.5)

WebLogic CVE-2018-2935 Vulnerability (CVE-2018-2935)

Dotclear Improper Authentication Vulnerability (CVE-2014-3781)

WordPress Plugin Mobile Domain Multiple Vulnerabilities (1.5.2)

WordPress Plugin WooCommerce-GloBee Payment Gateway Security Bypass (1.1.1)

Severity

Medium

Classification

CVE-2001-0004

Tags

Missing Update Known Vulnerabilities