Description

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Remediation

References

CVE-2000-0457

Related Vulnerabilities

Microsoft SQL Server Other Vulnerability (CVE-2002-0643)

WordPress Plugin Flash Photo Gallery Cross-Site Scripting (0.7)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2002-2272)

WordPress Plugin Comments-wpDiscuz Cross-Site Scripting (3.1.4)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069)

Severity

High

Classification

CVE-2000-0457

Tags

Missing Update Known Vulnerabilities