vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).Referenceshttp://www.securityfocus.com/bid/2975http://www.iss.net/security_center/static/6769.phphttp://online.securityfocus.com/archive/1/194418
