Microsoft Index Server Vulnerability Exposes ASP Source Code
CVE-2000-0302

Currently unrated

Key Information:

Vendor: Microsoft
Status: Index Server
Vendor: CVE Published:; 31 March 2000

Summary

The Microsoft Index Server vulnerability permits remote attackers to view the source code of ASP files. This is executed by appending a %20 to the filename in the CiWebHitsFile parameter when accessing the null.htw URL. This flaw can lead to unauthorized access and exploitation of ASP file contents, making it critical for users to secure their Index Server installations.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/1084

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=95453598317340&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Apr 26, 2000
Vulnerability published
Mar 31, 2000