VDB
CVE-2000-0457
CVE-2000-0457
PUBLISHED
CVSS 7.5 HIGH
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
EPSS 84.39% · 99.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
84.39%
99.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| microsoft | internet_information_services | 5.0 |
| microsoft | internet_information_server | 4.0 |
Exploit Intelligence
- 20000511 Alert: IIS ism.dll exposes file contents (circl)
- MS00-031 (circl)
- iis-ism-file-access(4448) (circl)
- 1193 (circl)
Timeline
- May 11, 2000 CVE Published
- Feb 4, 2022 EPSS Score
- Apr 30, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Jul 18, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
References
- 20000511 Alert: IIS ism.dll exposes file contents mailing-list
- MS00-031 vendor-advisory
- iis-ism-file-access(4448) vdb
- 1193 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2000-0457 advisory