Vulnerability in N/a
CVE-2009-4444
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of thir…
EPSS: 0.586 (98.2th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 37460 (vdb-entry, x_refsource_BID)
- 1023387 (vdb-entry, x_refsource_SECTRACK)
- blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis… (x_refsource_MISC)
- 37831 (x_refsource_SECUNIA, third-party-advisory)
- soroush.secproject.com/downloadable/iis-semicolon-report.pdf (x_refsource_MISC)
- ADV-2009-3634 (vdb-entry, x_refsource_VUPEN)