What is CVE-2000-0884?

CVE-2000-0884 is a vulnerability in N/a. Published 2001-01-22.

Is CVE-2000-0884 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2000-0884

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

EPSS: 0.841 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
mokrani-zahir/stock

References

oval:org.mitre.oval:def:44 (signature, x_refsource_OVAL, vdb-entry)
MS00-078 (x_refsource_MS, vendor-advisory)
iis-unicode-translation(5377) (vdb-entry, x_refsource_XF)
1806 (vdb-entry, x_refsource_BID)
436 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2000-0884?: CVE-2000-0884 is a vulnerability in N/a. Published 2001-01-22.
Is CVE-2000-0884 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.