Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0630

5 documents5 sources

Severity

5.0MEDIUM

EPSS

76.0%

top 1.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedJul 17

Latest updateApr 30

Description

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-4pcm-9qq9-65qc: IIS 4↗2022-04-30

▶

CVEList

CVE-2000-0630: IIS 4↗2000-10-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0/5.0 - Source Fragment Disclosure↗2000-07-17

▶

🔍Detection Rules

Suricata

GPL EXPLOIT .htr access↗2010-09-23

▶