PT-2000-1112 · Microsoft · Iis
Published
2000-01-26
·
Updated
2022-08-17
·
CVE-2000-0126
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IIS versions 3 and 4
Description
The issue allows remote attackers to read files via a .. (dot dot) attack, potentially exposing sensitive information. This is made possible by sample Internet Data Query (IDQ) scripts in the affected IIS versions.
Recommendations
For IIS versions 3 and 4, consider removing or restricting access to the sample Internet Data Query (IDQ) scripts to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iis