CVE-2000-0071

8 documents5 sources
Severity
5.0MEDIUM
EPSS
71.4%
top 1.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Internet Information ServerMicrosoft Internet Information Services
Timeline
PublishedJan 11
Latest updateApr 30

Description

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-48f3-v7r7-48gh: IIS 42022-04-30
CVEList
CVE-2000-0071: IIS 42000-02-04
VulnCheck
Microsoft Internet Information Services (IIS) Exposure of Sensitive Information to an Unauthorized Actor2000

🔍Detection Rules

4
Suricata
GPL EXPLOIT ISAPI .idq attempt2010-09-23
Suricata
GPL EXPLOIT ISAPI .ida attempt2010-09-23
Suricata
GPL EXPLOIT ISAPI .idq access2010-09-23
Suricata
GPL EXPLOIT ISAPI .ida access2010-09-23