CVE-2000-0413

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server; Frontpage
Vendor: CVE Published:; 6 May 2000

Summary

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

References

http://archives.neohapsis.com/archives/bugtraq/2000-05/00...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1174

vdb-entryx_refsource_BID

EPSS Score

90% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jun 14, 2000
Vulnerability published
May 6, 2000

Collectors

NVD DatabaseMitre Database