CVE-2000-0884

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Published: Dec 19, 2000
Updated: Apr 13, 2023
CVE: CVE-2000-0884
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_services	5.0	5.0.x
microsoft / internet_information_server	4.0	4.0.x

http://www.osvdb.org/436
http://www.securityfocus.com/bid/1806
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44

Vulnerability Database

289,599

CVE-2000-0884