Description
IISv5 has a "Hit-highlighting" functionality that opens some site object and highlights some part of it, that has had a transversal vulnerability in the past. Now it can be used to bypass the IIS authentication.
Remediation
Protect the files from the NTFS filesystem instead of relying on the
IIS protection.
Microsoft recommends not to use IISv5 and update to IISv6.
References
Related Vulnerabilities
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)
Joomla! Core 3.9.x Information Disclosure (3.9.0 - 3.9.22)
WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)