CVE-2001-0004

CWE-4304 documents4 sources

Severity

5.0MEDIUM

EPSS

74.2%

top 1.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedFeb 12

Latest updateApr 30

Description

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-mr3v-pmm4-26v3: IIS 5↗2022-04-30

▶

CVEList

CVE-2001-0004: IIS 5↗2001-09-18

▶

📐Framework References

CWE

Deployment of Wrong Handler

▶