CVE-2000-0631

3 documents3 sources

Severity

5.0MEDIUM

EPSS

48.4%

top 2.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedJul 14

Latest updateApr 30

Description

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_services5.0

▶NVDmicrosoft/internet_information_server3.0, 4.0+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gm9r-p48q-qmx6: An administrative script from IIS 3↗2022-04-30

▶

CVEList

CVE-2000-0631: An administrative script from IIS 3↗2000-10-13

▶