CVE-2000-0884

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Published: Dec 19, 2000
Updated: Nov 9, 2025
CVE: CVE-2000-0884
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_services	5.0	5.0.x
microsoft / internet_information_server	4.0	4.0.x

http://www.osvdb.org/436
http://www.securityfocus.com/bid/1806
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44

Vulnerability Database

CVE-2000-0884

Deep Security Visibility Without the Complexity