ISAPI Extension Processing Flaw in Microsoft IIS 4.0 and 5.0
CVE-2000-0246

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server; Internet Information Services; Proxy Server; Commercial Internet System
Vendor: CVE Published:; 30 March 2000

Summary

The IIS web server versions 4.0 and 5.0 are susceptible to a vulnerability related to ISAPI extension processing when a virtual directory is linked to a UNC share. This flaw permits remote attackers to access and read sensitive source code files, including ASP scripts, thereby compromising the security of the web application and its underlying infrastructure. It's critical for web administrators to implement necessary security measures to mitigate this exposure.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.microsoft.com/technet/support/kb.asp?ID=249599

vendor-advisoryx_refsource_MSKB

http://www.securityfocus.com/bid/1081

vdb-entryx_refsource_BID

EPSS Score

83% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Apr 12, 2000
Vulnerability published
Mar 30, 2000