Description

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

Remediation

References

CVE-2002-1745

Related Vulnerabilities

ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40886)

WordPress 2.2.2 Multiple Vulnerabilities (2.2 - 2.2.2)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13590)

Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758)

Oracle Database Server CVE-2011-0876 Vulnerability (CVE-2011-0876)

Severity

Medium

Classification

CVE-2002-1745

Tags

Missing Update Known Vulnerabilities