Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability

A flaw exists in the handling of .asp requests. Typically when a request is made for an .asp file, IIS will identify that it is a script and run it as such. However if the host is formatted with a FAT file system and a request is made with an .asp Unicode encoded file extension, IIS may not handle the request properly and return the source code of the file.


Privacy Statement
Copyright 2010, SecurityFocus