CVE-2000-0886 | Vulnerability Database | Aqua Security

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the Web Server File Request Parsing vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Internet_information_server	Microsoft	4.0 (including)	4.0 (including)
Internet_information_services	Microsoft	5.0 (including)	5.0 (including)

References

http://www.securityfocus.com/bid/1912
http://www.securityfocus.com/templates/archive.pike?mid=143604\u0026list=1\u0026fromthread=0\u0026end=2000-11-11\u0026threads=0\u0026start=2000-11-05\u0026
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-086
https://exchange.xforce.ibmcloud.com/vulnerabilities/5470
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A191
http://www.securityfocus.com/bid/1912
http://www.securityfocus.com/templates/archive.pike?mid=143604\u0026list=1\u0026fromthread=0\u0026end=2000-11-11\u0026threads=0\u0026start=2000-11-05\u0026
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-086
https://exchange.xforce.ibmcloud.com/vulnerabilities/5470
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A191

NVD	https://nvd.nist.gov/vuln/detail/CVE-2000-0886
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html