Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0333 — Path Traversal in Microsoft Internet Information Server

12 documents4 sources
Severity
7.5HIGHNVD
EPSS
84.5%
top 0.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Information Server
Timeline
PublishedJun 27
Latest updateApr 30

Description

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j59q-fjq9-v929: Directory traversal vulnerability in IIS 5↗2022-04-30
â–¶
CVEList
CVE-2001-0333: Directory traversal vulnerability in IIS 5↗2001-09-18
â–¶

💥Exploits & PoCs

9
Exploit-DB
Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit)↗2011-01-08
â–¶
Exploit-DB
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (2)↗2001-05-16
â–¶
Exploit-DB
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (7)↗2001-05-15
â–¶
Exploit-DB
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (4)↗2001-05-15
â–¶
Exploit-DB
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (3)↗2001-05-15
â–¶
CVE-2001-0333 — Path Traversal in Microsoft | cvebase