IIS has been alerted to the claim of a new security issue in IIS 6 and I wanted to explain the issue and our position on it. The issue in question affects only IIS 6 (Windows Server 2003) and arises when you send a URL with a semi-colon in it. IIS 6 uses
Read More...
Read the complete post at http://blogs.iis.net/nazim/archive/2009/12/29/public-disclosure-of-iis-security-issue-with-semi-colons-in-url.aspx