CVE-2001-0709
published 2001-09-20CVE-2001-0709: Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
PriorityP423medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
35.56%
98.3th percentile
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_information_server | <= 4.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Encoding Error
mitre_cwe
CWE-172 Encoding Error
CWE-172: Encoding Error
The product does not properly encode or decode the data, resulting in unexpected values.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an e
CWE
Improper Handling of Unicode Encoding
mitre_cwe
CWE-176 Improper Handling of Unicode Encoding
CWE-176: Improper Handling of Unicode Encoding
The product does not properly handle when an input contains Unicode encoding.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
[Architecture and Design] Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input,
2001-09-20
Published