Vulnerability in Microsoft Internet_information_server
CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerabil…
EPSS: 0.349 (98.2th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_information_server — versions 4.0
- Microsoft Site_server — versions 3.0
- Microsoft Site_server_commerce — versions 3.0
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (x_refsource_MS, vendor-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_MSKB)