Description
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
Remediation
References
Related Vulnerabilities
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1324)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701)
XWikiplatform Other Vulnerability (CVE-2024-46979)
Mailman Other Vulnerability (CVE-2005-0080)
Internet Information Services Other Vulnerability (CVE-1999-0154)