Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0413

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2000-0413
Last Modified 10 Sep 2008 03:04:36
Published 06 May 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0413

Summary

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Vulnerable Systems

Application

  • Microsoft Frontpage

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


References

BID - 1174

BUGTRAQ - 20000506 shtml.exe reveal local path of IIS web directory


Last Updated: 27 May 2016 10:35:42