CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Published: Dec 21, 1999
Modified: Apr 16, 2026

CVSS Metrics

Affected Products (3)

Vendor | Product | Version
microsoft | internet_information_server | 4.0
microsoft | site_server | 3.0
microsoft | site_server_commerce | 3.0

GitHub Security Advisory GHSA-34rm-j4gj-85h8

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file...

Risk Scores

CVSS Score 5.0 / 10
EPSS Score 46.05%

Top 2% most likely to be exploited

Threat Score 33.8 / 100

Data Sources

NVD, EPSS, GitHub