Vulnerability Description
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Server | 4.0 |
| Microsoft | Internet Information Services | 5.0 |
References
- http://www.osvdb.org/436
- http://www.securityfocus.com/bid/1806
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.osvdb.org/436
- http://www.securityfocus.com/bid/1806
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2000-0884?
CVE-2000-0884 is a vulnerability with a CVSS score of 7.5 (HIGH). IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Ser...
How severe is CVE-2000-0884?
CVE-2000-0884 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0884?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Server, Microsoft Internet Information Services.