COMMAND
asp
SYSTEMS AFFECTED
Win NT with asp
PROBLEM
Marco Miltenburg found the following. When a directory containing
.asp files has a period in its name, the ASP code is not executed
but is simply shown to the user. Examples:
http://www.test.com/www.directory.com/sample.asp
http://www.test.com/www.com/sample.asp
http://www.ourserver.com/www.jones.com/hello.asp
http://www.ourserver.com/www.jones.net/hello.asp
http://www.ourserver.com/www.micha/hello.asp
http://www.ourserver.com/blah.blah/hello.asp
Here www.directory.com or www.com is a directory in the root
directory of the wwwroot; requesting such a URL shows the source
code of that file.
Daniel Katz discovered the same problem, with one caveat. If the
drive is FAT, it sends the data to the user, as Marco describes.
If the drive is NTFS and the permissions are set to everyone on
the directory, the source will display. Only if there are
restricted permissions will it ask for a password.
SOLUTION
Nothing yet.
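An added audit example, not part of the original advisory: it walks a web root and lists every .asp file that sits below a directory whose name contains a period, which is the condition described under PROBLEM. The function names and the sample tree are constructed for illustration, and checking directories at any depth (not only directly under the wwwroot) is a conservative assumption.

```python
import os
import tempfile


def find_dotted_asp(webroot):
    """Return sorted (relative_path, dotted_dirs) for each .asp file that sits
    below a directory whose name contains a period."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        # Only components below the web root count; the root's own path
        # (for example a temp directory) may legitimately contain periods.
        parts = [] if rel_dir == os.curdir else rel_dir.split(os.sep)
        dotted = [p for p in parts if "." in p]
        if not dotted:
            continue
        for name in filenames:
            # Windows file names are case-insensitive, so match .ASP too.
            if name.lower().endswith(".asp"):
                rel = "/".join(parts + [name])
                hits.append((rel, dotted))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed web root that mirrors the advisory's URL examples."""
    layout = [
        "www.jones.com/hello.asp",   # dotted directory, as in the advisory
        "blah.blah/hello.ASP",       # upper-case extension
        "plain/hello.asp",           # no period in the directory name
        "www.jones.com/logo.gif",    # not a script
        "shop/v1.0/cart.asp",        # dotted directory below the first level
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<% Response.Write \"hello\" %>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, dotted in find_dotted_asp(root):
            print(f"{rel}  (dotted directory: {', '.join(dotted)})")
```

To audit a real server, call find_dotted_asp with the actual wwwroot path instead of the constructed tree.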