Vulnerability Details CVE-2000-0884
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.867
EPSS Ranking 99.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.osvdb.org/436
- http://www.securityfocus.com/bid/1806
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44
- http://www.osvdb.org/436
- http://www.securityfocus.com/bid/1806
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44
Products affected by CVE-2000-0884
-
cpe:2.3:a:microsoft:internet_information_server:4.0
-
cpe:2.3:a:microsoft:internet_information_services:5.0