Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2000-0884

Published: 19/12/2000 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 795
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Microsoft

Vulnerability Summary

IIS 4.0 and 5.0 allows remote malicious users to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet information server 4.0

microsoft internet information services 5.0

Exploits

Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (2)
source: wwwsecurityfocuscom/bid/1806/info Microsoft IIS 40 and 50 are both vulnerable to double dot "/" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\" Unauthenticated users may access any known file in the context of the IUSR_machinename account The IUSR_mac ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (5)
source: wwwsecurityfocuscom/bid/1806/info Microsoft IIS 40 and 50 are both vulnerable to double dot "/" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\" Unauthenticated users may access any known file in the context of the IUSR_machinename account The IUSR_m ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (4)
source: wwwsecurityfocuscom/bid/1806/info Microsoft IIS 40 and 50 are both vulnerable to double dot "/" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\" Unauthenticated users may access any known file in the context of the IUSR_machinename account The IUSR_mac ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (3)
source: wwwsecurityfocuscom/bid/1806/info Microsoft IIS 40 and 50 are both vulnerable to double dot "/" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\" Unauthenticated users may access any known file in the context of the IUSR_machinename account The IUSR_mac ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (6)
/* iisex iis exploit (<- nost's idea) v2 * -------------------------------------- * Okay the first piece of code was not really finished * So, i apologize to everybody * * by incubus <incubus@securaxorg> * * grtz to: Bio, nos, zoa, reg and vor (who else would stay up * at night to exploit this?) to securax (#securax@efn ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (7)
#!/usr/bin/perl # # IIS 40/50 Unicode Exploit # Checks for each script that has been posted on the BugTraq Lis # Shouts to bighawk(thats for help), datagram, Ghost Rider, The Duke, p4, kript0n and others # Since It Uses fork(), you gotta keep up with whats happening Or Just Let it run and it will # log sites in the log_unicodelog # So Simple ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (1)
source: wwwsecurityfocuscom/bid/1806/info Microsoft IIS 40 and 50 are both vulnerable to double dot "/" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\" Unauthenticated users may access any known file in the context of the IUSR_machinename account The IUSR_mach ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (9)
/****************************************************************************\ ** ** ** Microsoft IIS 40/50 Extended UNICODE Directory Traversal Exploit ** ** proof of theory exploit cuz it's wednesday and i'm on the couch ** ** ...
Exploit DB: Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)
#!/usr/bin/perl # # See wwwsecurityfocuscom/vdb/bottomhtml?section=exploit&vid=1806 # # Very simple PERL script to execute commands on IIS Unicode vulnerable servers # Use port number with SSLproxy for testing SSL sites # Usage: unicodexecute2 IP:port command # Only makes use of "Socket" library # # New in version2: # Copy the cmdexe ...

Github Repositories

https://github.com/jrbrawner/SnortParser

Snort rule tokenizer and parser written in Python using PLY.

Intro Snort rule tokenizer and parser written using PLY This is my first tokenizer, parser and I may make improvements/changes as time goes on The focus of this package currently is to allow programmatically working with snort rules, not necessarily detect the minutae of incorrect option combinations If you have any suggestions, ideas, or improvements feel free to open an is

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/1806http://www.osvdb.org/436https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44https://exchange.xforce.ibmcloud.com/vulnerabilities/5377https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078https://nvd.nist.govhttps://github.com/jrbrawner/SnortParserhttps://www.exploit-db.com/exploits/20299/https://www.kb.cert.org/vuls/id/111677
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook