Back
CVE-2000-0884
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Published: Dec 19, 2000
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (2)
| Vendor | Product | Version |
|---|---|---|
| microsoft | internet_information_server | 4.0 |
| microsoft | internet_information_services | 5.0 |
GitHub Security Advisory GHSA-3gpv-hgg9-gfg5
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly...
References (10)
- http://www.osvdb.org/436
- http://www.securityfocus.com/bid/1806
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44
- http://www.osvdb.org/436
- http://www.securityfocus.com/bid/1806
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44
Risk Scores
CVSS Score
7.5 / 10
EPSS Score
84.07%
Top 1% most likely to be exploited
Threat Score
65.2 / 100
Data Sources
NVD
EPSS
GitHub