CVE-2000-0114
published 2000-02-02CVE-2000-0114: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/…
PriorityP432medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
47.59%
98.7th percentile
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_information_server | — | — |
| microsoft | internet_information_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Microsoft FrontPage Extensions - Information Disclosure
nuclei·CVSS 5.0
CVE-2000-0114 [MEDIUM] Microsoft FrontPage Extensions - Information Disclosure
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Template:
id: CVE-2000-0114
info:
name: Microsoft FrontPage Extensions - Information Disclosure
author: r3naissance,matejsmycka
severity: medium
description: |
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
impact: |
Unauthenticated attackers can discover the anonymous account name through RPC POST requests to FrontPage Server Extensions, providing reconnaissance information for further targeted attacks against the web server.
remediatio
2000-02-02
Published