Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0154

4 documents4 sources
Severity
5.0MEDIUM
EPSS
48.2%
top 2.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Internet Information ServerMicrosoft Internet Information Services
Timeline
PublishedDec 31
Latest updateApr 30

Description

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-4xj7-h5hg-mjqp: IIS 22022-04-30
CVEList
CVE-1999-0154: IIS 22001-09-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure1997-02-20