Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0457

4 documents4 sources

Severity

7.5HIGH

EPSS

84.4%

top 0.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedMay 11

Latest updateApr 30

Description

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-w5j6-fmxr-5fr8: ISM↗2022-04-30

▶

CVEList

CVE-2000-0457: ISM↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0/5.0 - Malformed Filename Request↗2000-05-11

▶