Vulnerability category: Web server
Vulnerability severity:
Vulnerability information
Microsoft IIS Version 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts directory (/IISSAMPLES).
The vulnerable script (CodeBrws.asp) does not adequately filter Unicode representations of directory traversal sequences. An attacker can break out of the sample script directory with a directory traversal attack.
Affected Versions:
Microsoft IIS 5.0
Vulnerability impact
A remote attacker could exploit this vulnerability to map out the directory structure of the filesystem on a host running the vulnerable script.
Solution
Upgrade to the latest version of Microsoft IIS.
Workaround:
Remove the vulnerable sample 'CodeBrws.asp' script.
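To check whether the sample script has already been requested on a server, the added example below (not part of the original advisory) scans IIS W3C-style log lines for requests to CodeBrws.asp and flags those whose query string decodes to a parent-directory reference. The log lines, client addresses, file names and the "file" parameter name are constructed for illustration, and the field order is assumed to match the #Fields header shown.

```python
import re
from urllib.parse import unquote_to_bytes

SCRIPT = "codebrws.asp"  # sample script named in the advisory

# Constructed W3C-style log lines; IPs, paths and the "file" parameter are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-01-01 10:01:02 192.0.2.10 GET /default.asp - 200
2002-01-01 10:01:09 192.0.2.44 GET /IISSAMPLES/CodeBrws.asp file=/IISSAMPLES/a.asp 200
2002-01-01 10:02:31 198.51.100.7 GET /IISSAMPLES/CodeBrws.asp file=/IISSAMPLES/%c0%ae%c0%ae/x.asp 200
"""

def lenient_decode(query):
    """Percent-decode, then fold 2-byte UTF-8 (overlong forms included) to code points."""
    # IIS also accepts %uXXXX escapes, so expand those first.
    query = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), query)
    raw = unquote_to_bytes(query)
    out, i = [], 0
    while i < len(raw):
        b = raw[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(raw) and raw[i + 1] & 0xC0 == 0x80:
            # A strict decoder rejects overlong lead bytes 0xC0/0xC1; fold them here.
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)

def classify(line):
    """Return (client_ip, verdict) for a request to the sample script, else None."""
    fields = line.split()
    if line.startswith("#") or len(fields) < 6:
        return None
    client, stem, query = fields[2], fields[4], fields[5]
    if not stem.lower().endswith("/" + SCRIPT):
        return None
    if ".." in query:
        return client, "traversal"
    if ".." in lenient_decode(query):
        return client, "encoded-traversal"  # ".." only visible after decoding
    return client, "script-access"  # any hit means the sample is still deployed

def scan(log):
    return [hit for hit in map(classify, log.splitlines()) if hit]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

Any "script-access" result also shows that the workaround has not been applied, since a removed script cannot be served.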