Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0884

17 documents6 sources

Severity

7.5HIGH

EPSS

84.1%

top 0.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedDec 19

Latest updateApr 30

Description

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-3gpv-hgg9-gfg5: IIS 4↗2022-04-30

▶

CVEList

CVE-2000-0884: IIS 4↗2001-01-22

▶

VulnCheck

Microsoft IIS 4.0 and 5.0 Folder Traversal Vulnerability↗2000

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)↗2000-11-18

▶

Exploit-DB

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (7)↗2000-11-18

▶

Exploit-DB

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (9)↗2000-11-18

▶

Exploit-DB

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (6)↗2000-11-18

▶

Exploit-DB

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (2)↗2000-10-21

▶

🔍Detection Rules

Suricata

GPL EXPLOIT unicode directory traversal attempt↗2010-09-23

▶

Suricata

GPL ATTACK_RESPONSE file copied ok↗2010-09-23

▶

Suricata

GPL EXPLOIT unicode directory traversal attempt↗2010-09-23

▶

Suricata

GPL EXPLOIT unicode directory traversal attempt↗2010-09-23

▶