IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the Escape Character Parsing vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Internet_information_server | Microsoft | 4.0 | 4.0 |
Site_server | Microsoft | 3.0 | 3.0 |
Site_server_commerce | Microsoft | 3.0 | 3.0 |