Microsoft Index Server allows remote malicious users to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft index server 2.0 |