CVE-2000-0884

Published: Dec 19, 2000Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Affected (2)

Products: Microsoft: Internet Information Server, Internet Information Services

Microsoft

2 products

Internet Information Server

Internet Information Services

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Information Server	Version 4.0
Microsoft Internet Information Services	Version 5.0

References (10)

http://www.osvdb.org/436

Source: cve@mitre.org

http://www.securityfocus.com/bid/1806

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/5377

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44

Source: cve@mitre.org

http://www.osvdb.org/436