Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft iis 安全扩展名输入验证漏洞
Vulnerability Description
当Microsoft Internet Information Services (IIS)与未明第三方上载应用程序同时使用时,远程攻击者可以借助一个包含":"和一个安全扩展名后的初始扩展名制造包含任意扩展名的空文件。例如上载一个.asp:.jpg文件导致创造一个空的.asp文件,与维持NTFS Alternate Data Streams (ADS)文件名语法相关。
CVSS Information
N/A
Vulnerability Type
N/A