Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0457

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0457
Last Modified 10 Sep 2008 07:55:31
Published 11 May 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0457

Summary

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Vulnerable Systems

Application

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


References

XF - iis-ism-file-access(4448)

BID - 1193

MS - MS00-031

BUGTRAQ - 20000511 Alert: IIS ism.dll exposes file contents


Last Updated: 27 May 2016 10:35:43