CodeBrws.asp Off-by-One Error in Microsoft IIS 5.0 Allows Source Code Disclosure

CVE-2002-1745 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

Learn more about our Cis Benchmark Audit For Microsoft Iis.