Published: 11/05/2000 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

ISM.DLL in IIS 4.0 and 5.0 allows remote malicious users to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet information server 4.0
microsoft internet information services 5.0

source: wwwsecurityfocuscom/bid/1193/info Requesting a known filename with the extension replaced with htr preceeded by approximately 230 "%20" (which is an escaped character that represents a space) from Microsoft IIS 40/50 will cause the server to retrieve the file and its contents This is due to the htr file extension being mapped ...

NVD-CWE-Other http://www.securityfocus.com/bid/1193 http://marc.info/?l=bugtraq&m=95810120719608&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/4448 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 https://nvd.nist.gov https://www.exploit-db.com/exploits/19908/https://www.kb.cert.org/vuls/id/35085

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0457

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect