CVE-2000-0024

3 documents3 sources

Severity

6.4MEDIUM

EPSS

12.0%

top 6.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Site Server Microsoft Site Server Commerce

Timeline

PublishedDec 21

Latest updateApr 30

Description

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶NVDmicrosoft/site3.0

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/internet_information_server4.0

🔴Vulnerability Details

GHSA

GHSA-h3mj-3v87-42wc: IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape charac↗2022-04-30

▶

CVEList

CVE-2000-0024: IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape charac↗2000-04-25

▶