CVE-2000-0457

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published May 11, 2000

Updated: Nov 20, 2024

Summary

CVE-2000-0457 is a vulnerability affecting ISM.DLL in versions 4.0 and 5.0 of Internet Information Services (IIS). Attackers can exploit this issue by requesting a file and appending a large number of encoded spaces (%20) followed by a .htr extension. This allows the attacker to read the contents of the file, making it a significant security risk. This vulnerability is also known as the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft IIS

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/LFRCRm
https://www.cve.org/CVERecord?id=CVE-2000-0457
https://nvd.nist.gov/vuln/detail/CVE-2000-0457

Back to Vulnerability Database