CVE-2000-0024

CVSS 2.0 Score 6.4 of 10 (medium)

Details

Published Dec 21, 1999

Updated: Nov 20, 2024

Summary

CVE-2000-0024 is a vulnerability affecting Microsoft's Internet Information Services (IIS). The issue arises due to IIS's failure to properly canonicalize URLs. Malicious actors can exploit this flaw by inserting escape characters into URLs, allowing them to bypass access restrictions in third-party applications installed on the IIS server. This vulnerability, also known as the "Escape Character Parsing" issue, poses a significant risk to web applications and servers utilizing IIS.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft IIS

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/LFRDee
https://www.cve.org/CVERecord?id=CVE-2000-0024
https://nvd.nist.gov/vuln/detail/CVE-2000-0024

Back to Vulnerability Database