Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0413

4 documents4 sources

Severity

5.0MEDIUM

EPSS

59.4%

top 1.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedMay 6

Latest updateApr 30

Description

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-jx68-8j6j-8v87: The shtml↗2022-04-30

▶

CVEList

CVE-2000-0413: The shtml↗2000-06-15

▶

💥Exploits & PoCs

Exploit-DB

FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure↗2000-05-06

▶