IIS 4.0 and Site Server 3.0 allow remote malicious users to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft site server 3.0 |
||
microsoft internet information server 4.0 |
||
microsoft site server commerce 3.0 |