CVE-2000-0884

EPSS 72.7%

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Affected products

n/a · n/a

public PoCs found — 9

exploitdbwww.exploit-db.com/exploits/20298unverified exploitdbwww.exploit-db.com/exploits/20299unverified exploitdbwww.exploit-db.com/exploits/20300unverified exploitdbwww.exploit-db.com/exploits/20301unverified exploitdbwww.exploit-db.com/exploits/20302unverified exploitdbwww.exploit-db.com/exploits/189unverified exploitdbwww.exploit-db.com/exploits/191unverified exploitdbwww.exploit-db.com/exploits/192unverified exploitdbwww.exploit-db.com/exploits/190unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078 https://exchange.xforce.ibmcloud.com/vulnerabilities/5377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44 http://www.osvdb.org/436 http://www.securityfocus.com/bid/1806