Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.10167
Percentile: 0.92767

CVSS Scoring

Mapped CWE(s)

• CWE-193 : Off-by-one Error

Affected Products

• cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

← Back to Home