3 matches found
CVE-2009-4444
Microsoft Internet Information Services IIS 5.x and 6.x uses only the portion of a filename before a ; semicolon character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a 1 .asp, 2...
CVE-2009-4444
CVE-2009-4444 affects Microsoft IIS 5.x and 6.x. The issue arises from IIS parsing the filename only up to the first semicolon (;) to determine the file extension, enabling a bypass of extension-based upload restrictions. An attacker can craft a filename such as (1) ".asp", (2) ".cer", or (3) ".a...
Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)
A security bypass vulnerability has been discovered in Microsoft Internet Information Services IIS. The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...