Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0246

4 documents4 sources

Severity

5.0MEDIUM

EPSS

83.6%

top 0.71%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Commercial Internet System Microsoft Internet Information Server Microsoft Internet Information Services +3 more

Timeline

PublishedMar 30

Latest updateApr 30

Description

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDmicrosoft/site3.0

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/proxy_server2.0

▶NVDmicrosoft/commercial_internet_system2.0, 2.5+1

▶NVDmicrosoft/internet_information_server4.0

🔴Vulnerability Details

GHSA

GHSA-2h2p-h37h-5phg: IIS 4↗2022-04-30

▶

CVEList

CVE-2000-0246: IIS 4↗2000-06-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0 - UNC Mapped Virtual Host↗2000-03-30

▶