Back
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Published: Jul 14, 2000
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (3)
| Vendor | Product | Version |
|---|---|---|
| microsoft | internet_information_server | 3.0 |
| microsoft | internet_information_server | 4.0 |
| microsoft | internet_information_services | 5.0 |
GitHub Security Advisory GHSA-gm9r-p48q-qmx6
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers...
References (8)
- http://marc.info/?l=bugtraq&m=96390444022878&w=2
- http://www.securityfocus.com/bid/1476 Patch, Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4951
- http://marc.info/?l=bugtraq&m=96390444022878&w=2
- http://www.securityfocus.com/bid/1476 Patch, Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4951
Risk Scores
CVSS Score
5.0 / 10
EPSS Score
48.37%
Top 2% most likely to be exploited
Threat Score
34.5 / 100
Data Sources
NVD
EPSS
GitHub