Vulnerability in Microsoft Internet_information_server
CVE-2000-0024
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
EPSS: 0.122 (95.6th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_information_server — versions 4.0
- Microsoft Site_server — versions 3.0
- Microsoft Site_server_commerce — versions 3.0
- N/a — versions n/a
References
- cve@mitre.org (vendor-advisory, x_refsource_MSKB)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MS, vendor-advisory)