Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft IIS畸形文件扩展名绕过安全限制漏洞
Vulnerability Description
Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 IIS服务器错误的执行了带有多个扩展名的文件中所包含的ASP代码。例如,malicious.asp;.jpg被执行为了ASP文件。很多文件上传程序仅检查文件扩展名的最后部分,因此这可能导致绕过保护机制向服务器上传恶意可执行文件。
CVSS Information
N/A
Vulnerability Type
N/A