Information Disclosure via IIS FrontPage Extensions by Microsoft
CVE-2000-0413

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server; Frontpage
Vendor: CVE Published:; 6 May 2000

Summary

The shtml.exe program within the FrontPage extensions of Microsoft's Internet Information Services (IIS) versions 4.0 and 5.0 is susceptible to an information disclosure vulnerability. By sending a request for a non-existent file, remote attackers can generate an error message that inadvertently reveals the physical file paths of sensitive HTML, HTM, ASP, and SHTML files on the server. This exposure could lead to further exploitation or unauthorized access to critical server information.

References

http://archives.neohapsis.com/archives/bugtraq/2000-05/00...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1174

vdb-entryx_refsource_BID

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jun 14, 2000
Vulnerability published
May 6, 2000