Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability

Bugtraq ID:	1814
Class:	Input Validation Error
CVE:	CVE-1999-0253
Remote:	Yes
Local:	Yes
Published:	Mar 19 1997 12:00AM
Updated:	Jul 11 2009 03:56AM
Credit:	Discovered by Weld Pond <[email protected]> on March 19, 1997.
Vulnerable:	Microsoft IIS 3.0 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0
Not Vulnerable:

Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability

Microsoft IIS will return the source code of various server side script files (such as ASP files) if the filename in the URL request contains a "%2e", the hex value for ".". For example, the following URL will display the source of the ASP file:

http://target/file%2easp

Source code disclosure could possibly yield sensitive information such as usernames and passwords.

Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability

References: