| Vulnerability Name: | CVE-2000-0884 (CCN-5377) | ||||||||
| Assigned: | 2000-10-17 | ||||||||
| Published: | 2000-10-17 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Oct 17 2000 - 09:48:03 CDT IIS %c1%1c remote command execution Source: CCN Type: BugTraq Mailing List, Thu Oct 19 2000 - 05:07:57 CDT Re: IIS %c1%1c remote command execution Source: CCN Type: BugTraq Mailing List, Fri Oct 20 2000 - 02:30:48 CDT [LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution Source: CCN Type: BugTraq Mailing List, Fri Feb 15 2002 - 02:34:32 CST codeblue remote root Source: MITRE Type: CNA CVE-2000-0884 Source: CCN Type: BugTraq Mailing List, 2000-10-19 6:21:23 IIS 4.0/5.0 UNICODE exploit Source: CCN Type: CERT Advisory CA-2001-11 sadmind/IIS Worm Source: CCN Type: CIAC Information Bulletin L-007 Microsoft IIS Folder Traversal Source: CCN Type: Internet Security Systems Security Alert #68 Serious flaw in Microsoft IIS UNICODE translation Source: CCN Type: Internet Security Systems Security Alert #96 Code Blue Worm Source: CCN Type: US-CERT VU#111677 Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url (MS00-078) Source: CCN Type: Microsoft Security Bulletin MS00-078 FAQ Microsoft Security Bulletin (MS00-078): Frequently Asked Questions Source: CCN Type: Microsoft Security Bulletin MS00-078 Patch Available for 'Web Server Folder Traversal' Vulnerability Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696) Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114) Source: OSVDB Type: UNKNOWN 436 Source: CCN Type: OSVDB ID: 436 Microsoft IIS Unicode Remote Command Execution Source: BID Type: UNKNOWN 1806 Source: CCN Type: BID-1806 Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability Source: MS Type: UNKNOWN MS00-078 Source: XF Type: UNKNOWN iis-unicode-translation(5377) Source: XF Type: UNKNOWN iis-unicode-translation(5377) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:44 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||