Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0413


Vulnerability Score 5.0 5.0
CVE Id CVE-2000-0413
Last Modified 10 Sep 2008 03:04:36
Published 06 May 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Vulnerable Systems


  • Microsoft Frontpage

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


BID - 1174

BUGTRAQ - 20000506 shtml.exe reveal local path of IIS web directory

Last Updated: 27 May 2016 10:35:42