Back
CVE-2000-0024
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Published: Dec 21, 1999
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (3)
| Vendor | Product | Version |
|---|---|---|
| microsoft | internet_information_server | 4.0 |
| microsoft | site_server | 3.0 |
| microsoft | site_server_commerce | 3.0 |
GitHub Security Advisory GHSA-h3mj-3v87-42wc
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access...
References (6)
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401
- http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401
- http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061
Risk Scores
CVSS Score
6.4 / 10
EPSS Score
12.05%
Top 6% most likely to be exploited
Threat Score
29.2 / 100
Data Sources
NVD
EPSS
GitHub