eEye SecureIIS versions 1.0.3 and previous versions allows a remote malicious user to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote malicious user to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eeye digital security secureiis 1.0.2 |
||
eeye digital security securells |