ID CVE-2000-0884
Summary IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2011-05-16T04:02:59.232-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Sudhir Gandhe
    organization Telos
  • name Shane Shaffer
    organization G2, Inc.
description IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
family windows
id oval:org.mitre.oval:def:44
status accepted
submitted 2003-10-10T12:00:00.000-04:00
title IIS Web Server Folder Traversal
version 31
refmap via4
bid 1806
bugtraq 20001017 IIS %c1%1c remote command execution
ms MS00-078
osvdb 436
xf iis-unicode-translation(5377)
saint via4
bid 1806
description IIS Unicode Directory Traversal
id web_server_iis_unicode
osvdb 436
title iis_unicode_traversal
type remote
Last major update 30-10-2018 - 16:25
Published 19-12-2000 - 05:00
Back to Top