Description

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Remediation

References

CVE-2000-0884

Related Vulnerabilities

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3783)

WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator SQL Injection (4.4.2)

Lighttpd Resource Management Errors Vulnerability (CVE-2008-4298)

WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Scripting (6.9.1)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757)

Severity

High

Classification

CVE-2000-0884

Tags

Missing Update Known Vulnerabilities