Back
CVE-2000-0258
HIGH
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
Published: Apr 12, 2000
Modified: Apr 16, 2026
CWE-20
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products (2)
| Vendor | Product | Version |
|---|---|---|
| microsoft | internet_information_server | 4.0 |
| microsoft | internet_information_services | 5.0 |
GitHub Security Advisory GHSA-f3v5-8j87-jjrf
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a...
References (4)
- http://www.securityfocus.com/bid/1101 Third Party Advisory, VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023
- http://www.securityfocus.com/bid/1101 Third Party Advisory, VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023
Risk Scores
CVSS Score
7.5 / 10
EPSS Score
20.31%
Top 4% most likely to be exploited
Threat Score
36.1 / 100
Data Sources
NVD
EPSS
GitHub