Description
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
Remediation
References
Related Vulnerabilities
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.24)
OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-2180)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2009-4030)
PostgreSQL Resource Management Errors Vulnerability (CVE-2007-4772)
WordPress Improper Input Validation Vulnerability (CVE-2018-1000773)