CVE-2000-0025 Information

Description

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com .exe .sh .cgi or .dll aka the \Virtual Directory Naming\ vulnerability.

Reference

http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606 http://www.osvdb.org/8098 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058