Description
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
Remediation
References
Related Vulnerabilities
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8864)
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)
Atlassian Confluence Incorrect Default Permissions Vulnerability (CVE-2017-9505)
Apache Tomcat CVE-2012-5568 Vulnerability (CVE-2012-5568)
WordPress Plugin Pinterest 'Pin It' Button Multiple Unspecified Vulnerabilities (1.3.1)