Description
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-1870 Vulnerability (CVE-2006-1870)
Apache Tomcat Other Vulnerability (CVE-2008-0002)
MediaWiki Other Vulnerability (CVE-2023-37300)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4592)
WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)