CVE-2000-0413

Published: May 6, 2000Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Affected (3)

Products: Microsoft: Frontpage, Internet Information Server, Internet Information Services

3 products

Internet Information Server

Internet Information Services

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Frontpage	All versions
Microsoft Internet Information Server	Version 4.0
Microsoft Internet Information Services	Version 5.0

References (4)

http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/1174

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/1174

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.