National Cyber-Alert System
Vulnerability Summary: CVE-2000-0884
Orirignal release date: 2000-12-19
Source: US-CERT/NIST

Overview

    IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Impact

    CVSS Severity: 8 (High)
    Range: remote
    Authentication: input
    Impact Type: conf,sec_prot

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    IIS (Microsoft)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884