CVE-2003-0332 Information

Description

The ISAPI extension in BadBlue 1.7 through 2.2 and possibly earlier versions modifies the first two letters of a filename extension after performing a security check which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html http://marc.info/?l=bugtraq&m=105346382524169&w=2