Vulnerability Details CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.46
EPSS Ranking 97.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606
- http://www.osvdb.org/8098
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606
- http://www.osvdb.org/8098
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058
Products affected by CVE-2000-0025
-
cpe:2.3:a:microsoft:internet_information_server:4.0
-
cpe:2.3:a:microsoft:site_server:3.0
-
cpe:2.3:a:microsoft:site_server_commerce:3.0