Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0408

4 documents4 sources

Severity

5.0MEDIUM

EPSS

74.0%

top 1.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedMay 11

Latest updateApr 30

Description

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_services5.0

▶NVDmicrosoft/internet_information_server4.0

🔴Vulnerability Details

GHSA

GHSA-wx3j-8h4r-qj57: IIS 4↗2022-04-30

▶

CVEList

CVE-2000-0408: IIS 4↗2000-07-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0/5.0 - Malformed File Extension Denial of Service↗2000-05-11

▶