Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0886

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0886
Last Modified 10 Sep 2008 03:06:04
Published 19 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0886

Summary

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Vulnerable Systems

Application

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


References

MS - MS00-086

BUGTRAQ - 20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability

XF - iis-invalid-filename-passing(5470)

BID - 1912


Last Updated: 27 May 2016 10:35:54