CVE-2000-0884

critical

Description

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44

https://exchange.xforce.ibmcloud.com/vulnerabilities/5377

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078

http://www.securityfocus.com/bid/1806

http://www.osvdb.org/436

Details

Source: Mitre, NVD

Published: 2000-12-19

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics