Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0886

5 documents5 sources

Severity

7.5HIGH

EPSS

89.2%

top 0.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedDec 19

Latest updateApr 30

Description

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-8x76-gx9r-885w: IIS 5↗2022-04-30

▶

CVEList

CVE-2000-0886: IIS 5↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0/5.0 - Executable File Parsing↗2000-11-06

▶

🔍Detection Rules

Suricata

GPL EXPLOIT .cmd executable file parsing attack↗2010-09-23

▶