| VID |
21112 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Microsoft's IIS 3.0 server installed with the hot-fix to solve the ASP Dot vulnerability allows remote intruders to read source code for ASP programs by using a '%2e' instead of a '.' (dot) in the URL. |
| Recommendation |
Upgrade to IIS 4.0, which fixes this problem. |
| Related URL |
CVE-1999-0253 (CVE) |
| Related URL |
1814 (SecurityFocus) |
| Related URL |
621 (ISS) |
|
