CVE-2000-0770

3 documents3 sources

Severity

6.4MEDIUM

EPSS

1.6%

top 18.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedOct 20

Latest updateApr 30

Description

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wcg-8pwm-v3gc: IIS 4↗2022-04-30

▶

CVEList

CVE-2000-0770: IIS 4↗2000-10-13

▶