Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0778

6 documents5 sources
Severity
5.0MEDIUM
EPSS
78.6%
top 0.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedOct 20
Latest updateApr 30

Description

IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-28xm-3c4m-c8r4: IIS 52022-04-30
CVEList
CVE-2000-0778: IIS 52000-10-13

💥Exploits & PoCs

2
Exploit-DB
Microsoft IIS 5.0 - 'Translate: f' Source Disclosure (2)2000-08-14
Exploit-DB
Microsoft IIS 5.0 - 'Translate: f' Source Disclosure (1)2000-08-14

🔍Detection Rules

1
Suricata
GPL WEB_SERVER global.asa access2010-09-23
CVE-2000-0778 (MEDIUM CVSS 5) | IIS 5.0 allows remote attackers to | cvebase.io