Description

The web server is vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\".

Remediation

Install the latest patches from Microsoft.

References

Cve - Cve-2000-0884

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (4)

Related Vulnerabilities

WordPress Plugin Event post Local File Inclusion (5.9.5)

WordPress Plugin WooCommerce Multiple Vulnerabilities (6.2.0)

Web Cache Poisoning DoS (for javascript)

Spring Boot Actuator v2

Joomla J!Dump extension enabled

Severity

High

Classification

CVE-2000-0884 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Configuration