Intrusion Prevention



This indicates an attack attempt to exploit an information-disclosure vulnerability in Microsoft IIS.
The vulnerability is caused by an error when the vulnerable software handles a backward slash "\" appended to an ASP in an HTTP request. As a result, a remote attacker can read the source code of the ASP file by sending a crafted HTTP request.

Affected Products

Microsoft Site Server Commerce Edition 3.0 i386
Microsoft Site Server Commerce Edition 3.0 alpha
Microsoft Proxy Server 2.0
Microsoft IIS 5.0
Microsoft IIS 4.0 alpha
Microsoft IIS 4.0
Microsoft Commercial Internet System 2.5
Microsoft Commercial Internet System 2.0


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:

CVE References