CVE-2002-1745

Name of the Vulnerable Software and Affected Versions Microsoft IIS version 5.0

Description The issue is related to an off-by-one error in the CodeBrws.asp sample script. This error allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

Recommendations For Microsoft IIS version 5.0, consider removing or restricting access to the CodeBrws.asp sample script until a fix is available. As a temporary workaround, restrict access to files with extensions that could be exploited by this issue.