cbcvebase.
CVE-2000-0302
published 2000-03-31

CVE-2000-0302: Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the…

PriorityP432medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
78.43%
99.5th percentile
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

Affected

1 ranges
VendorProductVersion rangeFixed in
microsoftindex_server

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://target/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full
path/null.htw
filenamewebhits.dll
  • Detect HTTP requests to null.htw containing the CiWebHitsFile parameter with a trailing %20 appended to a filename, which is the exploit trigger for ASP source disclosure.
  • Alert on any HTTP GET request URI matching the pattern: /null.htw?CiWebHitsFile=*%20& — the %20 trailing the filename in CiWebHitsFile is the key exploit indicator.
  • Monitor for requests combining CiWebHitsFile (with %20-suffixed filename), CiRestriction=none, and CiHiliteType=Full as a high-confidence exploit signature.
  • ·The attack is possible on any IIS host with Index Server installed, even if no legitimate .htw files exist, because null.htw is a virtual in-memory file — absence of .htw files on disk does NOT indicate the system is safe.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.