CVE-2000-0025

3 documents3 sources

Severity

5.0MEDIUM

EPSS

46.0%

top 2.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Site Server Microsoft Site Server Commerce

Timeline

PublishedDec 21

Latest updateApr 30

Description

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/site3.0

▶NVDmicrosoft/internet_information_server4.0

🔴Vulnerability Details

GHSA

GHSA-34rm-j4gj-85h8: IIS 4↗2022-04-30

▶

CVEList

CVE-2000-0025: IIS 4↗2000-03-22

▶