VDB
CVE-2000-0884
CVE-2000-0884
PUBLISHED
CVSS 7.5 HIGH
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
EPSS 84.07% · 99.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
84.07%
99.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | internet_information_services | 5.0 |
| microsoft | internet_information_server | 4.0 |
| n/a | n/a | n/a |
Exploit Intelligence
- MS00-078 (circl)
- iis-unicode-translation(5377) (circl)
- 1806 (circl)
- 436 (circl)
- oval:org.mitre.oval:def:44 (circl)
- GPL WEB_SERVER unicode directory traversal attempt [disabled] (emergingthreats)
- GPL WEB_SERVER unicode directory traversal attempt [disabled] (emergingthreats)
- GPL EXPLOIT unicode directory traversal attempt (emergingthreats)
- GPL EXPLOIT unicode directory traversal attempt (emergingthreats)
- GPL EXPLOIT unicode directory traversal attempt (emergingthreats)
…and 5 more exploits
Timeline
- Dec 19, 2000 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Feb 13, 2024 EPSS Score
References
- oval:org.mitre.oval:def:44 vdb
- MS00-078 vendor-advisory
- iis-unicode-translation(5377) vdb
- 1806 vdb
- 436 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2000-0884 advisory