GCVE-VVD-CERTCC-2000-28565 — Vulnetix

Try Vulnetix Request Demo

GCVE-VVD-CERTCC-2000-28565

Advisory Published

Vulnetix · Advisory published July 14, 2000

A vulnerability exists in Microsoft Internet Information Server (IIS) that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type files file might include user credentials for access to a back-end database. This is a variation of the vulnerability previously discussed in VU#35085 and Microsoft Security Bulletin MS00-031.

Download JSON Open in Console

Risk Scores

certcc-cam

certcc-cam

impact7population11exploitation0widely_known20score_current13.167ease_of_exploitation19

Aliases

Transitive aliases

GHSA-4pcm-9qq9-65qc GSD-2000-0630

References

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

advisory

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

advisory

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

advisory

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

url

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON