Back

CVE-2000-0770

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

Published: Oct 20, 2000 Modified: Apr 16, 2026

CVSS Metrics

Affected Products (2)

Vendor	Product	Version
microsoft	internet_information_server	4.0
microsoft	internet_information_services	5.0

GitHub Security Advisory GHSA-8wcg-8pwm-v3gc

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent...

References (4)

http://www.securityfocus.com/bid/1565 Patch, Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057
http://www.securityfocus.com/bid/1565 Patch, Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057

Risk Scores

CVSS Score 6.4 / 10

EPSS Score 1.62%

Top 18% most likely to be exploited

Threat Score 26.1 / 100

Data Sources

NVD EPSS GitHub