Description

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

Remediation

References

CVE-2000-0770

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-21732)

Oracle JRE CVE-2012-0500 Vulnerability (CVE-2012-0500)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1747)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23125)

Grafana Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-21703)

Severity

Medium

Classification

CVE-2000-0770

Tags

Missing Update Known Vulnerabilities